Thursday, October 13 • 11:45am - 11:55am
Lightning Talk - The hidden bug in public bug bounties


On the surface, public bug bounty programs look like a no-brainer. You invite a number of security researchers to find security issues in your application and you only pay for valid results. Who can say no to that? However, as we explore in this talk, for many organizations launching a public bug bounty program is a buggy idea. It’s like storming the castle before gathering systematic intelligence and planning strategic attacks.

In this talk we will look at some of the challenges of public bug bounties such as:
- Low signal-to-noise ratio, which drives up the cost per bug
- Significant program management needed to run the program

We will look at the return on investment between running a public bug bounty program and engaging in more focused crowdsourced pen tests.

We’ll dive deeper into experiences drawn from the crowdsourced appsec industry over the last 4 years, as well as analysis of publicly accessible data in connection with data gathered from 200+ organizations running security programs on the Cobalt platform.


Jacob Hansen

CEO, Cobalt Labs
Jacob Hansen is the CEO and Co-Founder of Cobalt Labs. Cobalt delivers crowdsourced pen tests and private bug bounties to modern organizations.

Prior to founding Cobalt, Jacob was a consultant at Accenture in Copenhagen and London, where he delivered Enterprise IT Solutions for Fortune 1000 clients. As an advocate of crowdsourcing and cybersecurity, Jacob has been featured in Forbes, The Verge, and has spoken at various conferences...

Thursday October 13, 2016 11:45am - 11:55am
Room C
