Thursday, October 13 • 11:45am - 11:55am
Lightning Talk - The hidden bug in public bug bounties


On the surface, public bug bounty programs look like a no-brainer. You invite a number of security researchers to find security issues in your application and you only pay for valid results. Who can say no to that? However as we explore in this talk, for many organizations, launching a public bug bounty program is a buggy idea. It’s like storming the castle before gathering systematic intelligence and planning strategic attacks.

In this talk we will look at some of the challenges of public bug bounties such as:
- Low signal-to-noise ratio, which drives up the cost per valid bug
- Significant program management effort needed to run the program

We will look at the return on investment between running a public bug bounty program and engaging in more focused crowdsourced pen tests.

We’ll dive deeper into experiences drawn from the crowdsourced appsec industry over the last 4 years, as well as analysis of publicly accessible data combined with data gathered from 200+ organizations running security programs on the Cobalt platform.


Jacob Hansen

CEO, Cobalt Labs
Jacob Hansen is the CEO and Co-Founder of Cobalt Labs. Cobalt delivers crowdsourced pen tests and private bug bounties to modern organizations. Prior to founding Cobalt, Jacob was a consultant at Accenture in Copenhagen and London, where he delivered Enterprise IT Solutions for Fortune...

Thursday October 13, 2016 11:45am - 11:55am EDT
Room C