Rootconf 2019

On infrastructure security, DevOps and distributed systems.

Bug Bounties for organizations

Submitted by Anant Shrivastava (@anantshri) on Tuesday, 11 June 2019

Section: Birds Of Feather (BOF) session Technical level: Intermediate Session type: Discussion

Abstract

This BOF session will be a continuation of the talk by Shadab. The main agenda behind the session is to open a discussion and help organizations get started with bug bounties. Bug bounties, in short, are the easiest way to leverage the information security community and individuals in general to help shore up an organization's defences.

Who should attend

We expect the session to be useful for any organization or individual planning to run bug bounty programs, or already doing it and looking to see how others are doing it.

Key Takeaways

  1. Should you set up your own program or go with a crowdsourced platform (pointers on when to choose which)
  2. What problems and struggles exist (technically and logistically) if you want to start your own, especially in India
  3. Points to take care of while planning, launching and running a bug bounty
  4. How leadership understands bug bounties, ways to get their buy-in, and what their expectations and fears are

Outline

This session will be run in an unstructured manner; however, some key points of discussion we think would be useful are:

  1. Should an organization be getting into bug bounties? If yes, how do you know you are ready?
  2. How to convince management about launching bug bounties
  3. Which is the better choice: going independent or joining a platform?
  4. How do you decide payouts (money, swag, wall of fame)?
  5. Real-life challenges faced while running bug bounty programs
  6. How to handle bug triaging
  7. How to handle respectful communication and enforce rules

The discussion will revolve around bug bounties; however, we will not be covering bug hunting as part of this discussion.

Requirements

As this is a discussion session, we expect people to bring the questions that matter to them: experiences or hurdles faced during discussion, pre-launch or after launch. Bring out the pain points and we can try to brainstorm on them together as a collective. The only limitation is in going too specific: as all organizations are unique, with their own workflows, we will try to keep the discussion to pointers and suggestions at a broader level.

Speaker bio

Shadab Siddiqui, Ankur Bhargava, Shubham Mittal, Anant Shrivastava will participate in this session
