
The Art and Value of Bug Bounty Programs

In our wired, connected world, software flaws are inevitable – so why not utilize the nature of our connected world to work with a distributed immune system made up of thousands of security researchers? This webcast will provide in-depth analysis based on extensive academic research, conversations with CISOs experienced in running such programs, and the security researcher community.

In this webinar, we will highlight the business, technology, and organizational values companies derive from these bug bounty programs. Finally, the talk will identify the common myths, fears and barriers for participation, and suggest recommendations to counter these barriers.

Key Takeaways:
- Bug Bounty program evolution and myth busting
- Lessons from Barracuda’s Bug Bounty program
- How businesses and technology derive value from bug bounty programs
- The art of running a successful & effective bug bounty program
Recorded Jul 1 2016 57 mins
Presented by
Keren Elazari, cyber security analyst and senior researcher
  • Thwarting Extortion: Ransomware Detection and Prevention Recorded: Aug 18 2021 59 mins
    Katie Paxton Fear (Application Security Engineer); Matt Wixey (R&D Lead, Cyber Security Practice); Steve Paul (Black Hat)
    Anti-ransomware methods are a hot topic with many different approaches. But what are these methods and how do they work? How can we give the initiative back to the defender in the arms race between attack and defense?

    In this webinar, our panel discusses why detecting and preventing ransomware poses different intellectual and practical challenges compared to other forms of malware, along with the opportunities to develop new mitigation techniques. They'll also cover:
    -A technical overview of the current research across categories such as filesystem interaction, API calls, ransom notes, and network activity
    -Five new methods for ransomware detection and prevention
    -A statistical analysis of ransomware and attacker behaviors
  • PrintNightmare Vulnerability: What You Need to Know Recorded: Aug 4 2021 16 mins
    Casey Ellis (CTO, Founder, & Chairman); Adam Foster (Application Security Engineer)
    PrintNightmare or PrinterNightmare is an interesting vulnerability currently impacting Microsoft systems. This vulnerability can be exploited remotely and has a lot of potential for ransomware implications.

    Join Bugcrowd’s Founder, CTO, and Chairman Casey Ellis and Application Security Engineer Adam Foster for this 15-minute security flash, where they will break down:

    -The unique history behind this vulnerability
    -What defenders’ next steps should be
    -This vulnerability from the security researcher perspective
    -Information on the active patch
    -How Bugcrowd can help organizations better understand their exposure to vulnerabilities like this
  • Tips and Tricks to Penetration Testing - A Layered Security Approach Recorded: Jul 28 2021 45 mins
    Kaushik Srinivas and Michael Skelton (Codingo)
    Pen testing is widely known as a key security best practice. In fact, in June of 2021, The White House released a memo encouraging business leaders to take urgent action to counter ransomware threats. One of their guidelines addressed the importance of penetration testing. From the memo:

    “Use a third party pen tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.”

    This webinar dives into the layered approach of pen testing, a powerful way to discover new vulnerabilities in your assets. We’ll be talking to Bugcrowd experts Kaushik Srinivas and Michael Skelton (Codingo) to learn:
    - Why pen testing can be a security best practice
    - Different approaches to pen testing and how to find the best fit for your organization
    - Pen testing use cases and tips for better results
    - How to optimize pen testing incentives to best match your organization’s needs

    We’ll also discuss Bugcrowd’s Pen Testing offerings and how you can tailor them to best match your needs and use cases.
  • Kaseya/REvil Attack Explained Recorded: Jul 15 2021 14 mins
    Casey Ellis (Bugcrowd CTO, Founder, & Chairman)
    Ransomware has been the “topic du jour” lately among security professionals and beyond. But what about the recent Kaseya REvil ransomware attack is different?

    In this 15-minute security flash, Bugcrowd’s CTO and founder, Casey Ellis, answers frequently asked questions about this ransomware attack, including:
    -What happened?
    -Why is it concerning?
    -What was the impact?
    -What should orgs be doing right now?
    -How can Bugcrowd help?

    Check out these links for further reading and information about the attack and ransomware.
  • Colonial Pipeline Attack: A Look at Ransomware in National Infrastructure Recorded: Jul 14 2021 17 mins
    Dr. Katie Paxton-Fear
    A month after the Colonial Pipeline ransomware attack, we’re looking back with lessons learned. In this 15-minute security flash, Dr. Katie Paxton-Fear recaps the attack, gives background on how ransomware works, and looks at the potential impact of ransomware in critical national infrastructure.
    She also covers several key questions, including:
    - Should paying ransoms be illegal?
    - How do industrial controls work?
    - What steps can organizations take before a ransomware attack?
  • Best Practices for Implementing and Managing a VDP Recorded: Jun 29 2021 54 mins
    Casey Ellis (CTO, Founder, & Chairman); Grant McCracken (VP of Operations)
    Vulnerability Disclosure Programs (VDPs) are a commitment to security transparency and an understanding that vulnerabilities are an inevitable part of development. But they’re also extremely practical – 87% of organizations have received a critical or high priority vulnerability through a VDP.

    In this webinar, you’ll learn:
    -What is a VDP and why is it included in the NIST Cybersecurity Framework?
    -5 key benefits of a VDP
    -The role white-hat hackers and VDPs played in the 2020 US presidential elections
    -Tips to starting a VDP
    -8 best practices to manage a VDP
  • 3 Expensive Attack Surface Management Mistakes to Avoid Recorded: Jun 15 2021 35 mins
    Randy Young, Product Manager, Bugcrowd
    Attack surface is evolving faster than ever before. In fact, 2/3 of organizations say attack surface management is more difficult than it was two years ago. So how can we make it easier, not harder?

    In this webinar, we’ll sit down with Bugcrowd Product Manager Randy Young to discuss some common attack surface mistakes that can have expensive consequences.
  • 5 Tips and Tricks for Running a Successful Bug Bounty Program Recorded: Jun 1 2021 25 mins
    Alexander Laliberte, Grant McCracken
    Bug bounties have continued to grab headlines over the past year - we’ve seen 40% growth in program launches during the past year. As bug bounty programs have become a necessity, so has understanding the nuances of how to make a bug bounty program successful.

    Running a successful bug bounty program starts far before the actual program launch and is a continuous process. If you're running your own, or starting with a vendor, what do you REALLY need to know?

    Join Cisco Meraki’s Bug Bounty Program Manager, Alexander Laliberte and Bugcrowd’s Sr. Manager of Solutions Architect, Grant McCracken for a panel discussion on:

    - What a successful program looks like
    - Practical tips for optimizing your bug bounty program
    - What levers an organization can pull to see success
  • Parler Security: What Happened? Recorded: Apr 20 2021 19 mins
    Casey Ellis, Coen Hyde
    Parler was hacked due to a common development mistake. How can you avoid the same fate?

    When it comes to startups, priorities are generally focused around getting off the ground and making payroll, often sacrificing security.

    The reality is, the bad guys don’t care if you’re a startup or more established. We saw this at Parler, the internet’s new social networking site. Parler got caught in the common startup balancing act, experiencing hyper-growth with a lack of threat modeling.

    Today on the Bugcrowd Stream, our Founder and CTO Casey Ellis spoke with Director of Infrastructure, Coen Hyde, about the role of security in the early stages of a business and how asking what might go wrong early on could save you a lot of grief later.
  • Are there Legal Safe Harbors in Vulnerability Disclosure? Recorded: Jun 14 2018 60 mins
    Amit Elazari, Doctoral Law Candidate, CLTC Grantee, UC Berkeley School of Law. Casey Ellis, Founder and CTO, Bugcrowd
    While the crowdsourced security economy is growing across all industries, many still wonder if bug bounties and vulnerability disclosure programs put white hat hackers at legal risk rather than authorizing access and creating legal safe harbors. Who dictates the rules of the crowdsourced security economy? Who safeguards the legal interests of the individual hacker, the Crowd?

    Join Amit Elazari, doctoral law candidate, CLTC Grantee, UC Berkeley School of Law, and Casey Ellis, founder and CTO of Bugcrowd, on Thursday, June 14 at 1 p.m. PST (4 p.m. EST) for a live video discussion on:

    - Minimizing legal risks of hackers participating in crowdsourced security
    - What can be done to foster safe harbor adoption in bug bounties
    - The importance of standardizing legal terms, in light of the recent DOJ framework
  • CISO Panel: 5 Ways to Combat Modern Security Challenges Recorded: Mar 7 2018 58 mins
    CISO Panel
    Last year saw dramatic shifts in the cybersecurity landscape. The number of data breaches and cyber-attacks is skyrocketing. CISOs and security leaders are struggling to find and invest in the best approaches to combat cybercrime for their organizations.

    Traditional application security testing methods just aren’t cutting it anymore, leaving so many organizations vulnerable. To get a better understanding on what is top of mind for cyber security leaders this year, we surveyed more than 250 CISOs, CIOs, CTOs and CIOs across different industries and regions.

    Join our live CISO panel discussion which will outline this year’s top security goals and concerns:

    1. Overcoming cybersecurity resource shortages
    2. Managing increasingly complex tools and proving their ROI
    3. Addressing perceived concerns in running a VDP or Bug Bounty Program

    David Baker, CSO, Bugcrowd
    Geoff Poer, CISO, Chronos
    Martin Rues, CISO, Outreach.io
    Maxime Rousseau, CSO, Personal Capital
  • Lessons Learned: How Equifax Changes The Way We Think About Cybersecurity Recorded: Oct 26 2017 26 mins
    Casey Ellis, Founder and CTO, Bugcrowd, Johnathan Cran, VP Product, Bugcrowd
    There is no silver bullet against targeted and enduring attacks, and the reality is that if an external threat has enough resources at its disposal there is nothing that will make companies 100% protected.

    Now more than ever, companies need to reexamine how they think about cybersecurity, empower their security teams, and prioritize security programs against competing internal initiatives.

    Building and maintaining the appropriate mix of cybersecurity resources, processes, and company-wide emphasis can be a challenge for all companies regardless of their size or security maturity.

    Register now to learn 3 core lessons learned from the Equifax data breach, and why many security leaders are adding Vulnerability Disclosure programs to patch vulnerabilities faster, give visibility and priority to known issues, and refine their SDLC.

    About Bugcrowd:
    The pioneer and innovator in crowdsourced security testing for the enterprise, Bugcrowd harnesses the power of more than 65,000 security researchers to surface critical software vulnerabilities and level the playing field in cybersecurity.
  • CISO Panel: Bolster Your Security with Bug Bounties Recorded: Sep 28 2017 54 mins
    Alvaro Hoyos, Dave Farrow, David Baker, Gene Meltser
    Security vendor products are held to a higher standard of security—and for good reason as the very existence of their organization could be at risk due to a vulnerability. Many of these vendors are turning to bug bounty programs to not only find any vulnerabilities in their products and services, but also to provide assurance to their clients.

    Join our CISO panel for a live discussion on the following topics:
    1. Protecting complex environments and highly sensitive data
    2. Overcoming cybersecurity resource shortages
    3. Achieving security coverage at scale

    Featured speakers:
    Alvaro Hoyos, CISO @ OneLogin
    Dave Farrow, Sr Dir., Information Security @ Barracuda Networks
    David Baker, CSO @ Bugcrowd, formerly CISO @ Okta
    Gene Meltser, Enterprise Security Architect @ Sophos
  • Expert Panel: Bug Bounty Trends and What They Mean Recorded: Jul 27 2017 60 mins
    Casey Ellis, Founder & CEO, Bugcrowd; Jeremiah Grossman, Chief of Security Strategy, SentinelOne; HD Moore, Founder of The Meta
    Traditional methods for vulnerability discovery are failing us. With rapidly expanding attack surfaces, motivated adversaries, and the growing shortage of full-time infosec professionals, organizations are fighting a losing battle. One thing is clear: We need a new approach.

    Enter the Bug Bounty model. Bug bounties have quickly evolved from a “nice to have” to a “must have” for most application security teams.

    What’s behind this trend? Why are bug bounties growing, and why now?

    Join our expert panel as we discuss the key findings from The 2017 State of Bug Bounty Report.

    - Casey Ellis, Founder & CEO of Bugcrowd
    - Jeremiah Grossman, Chief of Security Strategy at SentinelOne
    - HD Moore, Founder of The Metasploit Project
  • 3 Reasons to Swap Your Next Pen Test for a Bug Bounty Recorded: Jun 29 2017 60 mins
    Jason Haddix, Head of Trust and Security & Wade Billings, VP, Technology Services, Canvas by Instructure
    In the past several years, bug bounty programs have disrupted the pen test norm, and provide organizations with a robust and all-encompassing security assessment solution. Instructure, the company behind Canvas Learning Management System (LMS), made the switch three years ago and have never looked back.

    In this webinar, we will explore...
    • Why Instructure replaced their last three penetration tests and the results they’ve found
    • The three fundamental differences between the penetration testing model and the bug bounty model
    • How organizations running bug bounty programs have seen improved results in both volume and quality in vulnerability submissions
  • Ensuring Maximum Protection—How 3 Security Vendors Approach Their Own Security Recorded: Mar 28 2017 60 mins
    Alvaro Hoyos, David Baker, David Farrow, Gene Meltser
    Security vendor products are held to a higher standard of security—and for good reason as the very existence of their organization could be at risk due to a vulnerability. Many of these vendors are turning to bug bounty programs to not only find any vulnerabilities in their products and services, but also to provide assurance to their clients.

    Join our security panel for a live discussion on the following topics:
    1. What unique appsec challenges come along with complex & high-risk environments
    2. How to design security programs to provide robust coverage of those technologies
    3. Why bug bounties were so quickly adopted within the security industry
    4. Open Q&A with the panelists

    Featured speakers:
    Alvaro Hoyos, Chief Security Officer @ OneLogin
    David Farrow, Sr Director, Information Security @ Barracuda Networks
    David Baker, VP Operations @ Bugcrowd, formerly CISO @ Okta
    Gene Meltser, Enterprise Security Architect @ Sophos
  • Breaking the Vulnerability Cycle—Key Findings from 100 CISOs Recorded: Mar 2 2017 67 mins
    Jason Haddix, Brad Arkin, Kim Green, Dark Reading
    Bugcrowd surveyed 100 CISOs and security decision makers and found that today’s application security teams are facing 3 distinct issues that lead to vulnerability:

    1. Active and efficient adversaries
    2. A ballooning attack surface
    3. Cybersecurity resource shortage

    When combined, these adverse conditions form a ‘vulnerability cycle’ – leaving organizations susceptible to a breach or worse.

    View this on-demand webinar to:

    - Get plans to combat these 3 issues in 2017
    - Learn how to dissect each component of the vulnerability cycle
    - Discover security tools and best practices
    - Find out top CISO investments for 2017
  • Are You Vulnerability Blind? 3 Reasons to Reconsider a Bug Bounty Recorded: Jan 25 2017 45 mins
    Johnathan Hunt, VP Information Security at InVision; Paul Ross, SVP Marketing at Bugcrowd
    Bug Bounty programs are critical to the security programs of thousands of organizations, but many still have not embraced them. Join security leader Johnathan Hunt, VP Information Security at InVision, and Paul Ross, SVP of Marketing at Bugcrowd, to discuss why that situation must change, through topics including:

    - How a security expert changed his mind about bug bounties
    - Why no bug bounty means missed vulnerabilities
    - How Bugcrowd finds a P1 bug every 27 hours

    We will explore InVision’s bug bounty experience from conception to being critical to their customers’ confidence in their security.

    *Register for the webinar now*

    “Whether or not you’re going to have the good guys working for you or not, doesn’t mean the bad guys are going to stop working”

    - Johnathan Hunt, InVision
  • 5 Critical Security Issues for 2017 (And How to Address Them) Recorded: Dec 13 2016 64 mins
    Jeremiah Grossman, Daniel Miessler, Richard Rushing, Paul Ross
    Over the past twelve months we’ve witnessed a shift in how companies are tackling their application security challenges. Join a CISO, an AppSec guru, and an IoT security expert to hear industry-leading perspectives on the trends that have emerged over the past year, and what to look forward to in the next.

    Our all-star panel of industry experts includes Jeremiah Grossman, Founder of WhiteHat Security and Chief of Security Strategy with SentinelOne, Daniel Miessler, Project Leader: OWASP IoT Security Project and Richard Rushing, CISO at Motorola Mobility, for a discussion on what trends every security professional needs to be aware of for 2017.

    The critical trends you need to know about will include:
    • How crowdsourcing security assessment will improve pen testing in 2017
    • Why IoT security is becoming every CISO’s problem
    • How will AI and Machine Learning impact protecting your company’s fate?
  • 7 Bug Bounty Myths, BUSTED Recorded: Dec 7 2016 55 mins
    Jason Haddix, Paul Ross, Dark Reading
    Despite thousands of large and small organizations running bug bounty programs, there is still a lot of fear and uncertainty about these in the cybersecurity community. In this webinar we will explore 7 myths about Bug Bounty programs, the hackers who are involved, and the impact they are having on the security posture of organizations around the world.

    When you attend this webinar you will:

    - Learn if a bug bounty program is right for your organization
    - Understand if a bug bounty encourages hackers to attack your systems
    - Explore the real benefits of bug bounty programs – and find out if they actually work
    - Get insight on whether these programs are too hard and costly to manage
Trends and best practices in application security, pen testing & more.
Bugcrowd is the force multiplier in cybersecurity, providing access to a global network of ethical hackers who help organizations maximize the impact of their security defenses. Top Fortune 500 organizations trust Bugcrowd to manage their Penetration Test, Bug Bounty, Vulnerability Disclosure, and Attack Surface Management programs. Bugcrowd helps organizations identify and fix vulnerabilities, protect customers, and make the digitally connected world a safer place.

  • Title: The Art and Value of Bug Bounty Programs
  • Live at: Jul 1 2016 5:15 pm
  • Presented by: Keren Elazari, cyber security analyst and senior researcher