Bug Bounty Tipping Point: Strength in Numbers
September 2016 1
Folks Leading The Discussion Today
Quick Bios
@caseyjohnellis
Founder and CEO, Bugcrowd
Recovering pentester turned solution architect turned sales guy turned entrepreneur
@kym_possible
Senior Director of Researcher Operations, Bugcrowd
Data analyst, security evangelist, behavioral psychologist, former director of a Red Team
Agenda
What Are We Covering Today?
1. What is a Bug Bounty?
2. Bug Bounty Industry Trends
3. Trends From the Researcher Community
CONFIDENTIAL JULY 2016 GTM PLAYBOOK
What Is a Bug Bounty?
What is a Bug Bounty?
For Those of You Who Are New
Think of it as a competition… where independent security researchers all over the world find & report vulnerabilities to companies and their applications in exchange for… rewards.
What Problem Do Bug Bounties Solve?
Combat the Defender's Dilemma
They Have Been Around For 20+ Years
Bug Bounty History
[Figure: The History of Bug Bounties: Abbreviated Timeline from 1995 to Present. Phases: Early Bug Bounties, Breakthrough in Bug Bounties, Modern Bug Bounties. Years marked: 1995, 2002, 2004, 2005, 2007, 2010, 2011, 2012, 2013, 2014, 2015, 2016]
© BUGCROWD INC. 2016
What Does Bugcrowd Do?
Platform That Connects Organizations to the Researcher Community
38,000+ Researchers
With specialized skills including web, mobile and IoT hacking. Our community is made up of tens of thousands of hackers from around the world.
Organizations Both Big and Small
Making Bug Bounties easy for every type of company through a variety of Bug Bounty Solutions.
State of Bug Bounty 2016
What Our Data Is Saying About the Industry
Where Has All Our Data Come From?
Our Success So Far
300+ total programs run on the Bugcrowd platform
64% private programs compared to 36% public
54K+ total vulnerability submissions made as of September 15, 2016
$3M+ paid out to the crowd as of September 15, 2016
38K+ researchers in the crowd as of September 15, 2016
210% program growth
What We Know Today
Bug Bounties Have Reached A Tipping Point
Quality: Compared with traditional testing methods, bug bounties present a significant advantage
Maturation: As this model matures, with private programs gaining traction, more organizations can tap into the crowd
Growth: More organizations are adopting this model, including large enterprises and traditional industries
Impact: Critical vulnerabilities are increasing in volume along with average payout per bug
Considerable Growth In Program Types
Market Adopting Quickly
The total number of bounty programs being run is on the rise: a 210% increase YOY
Private programs are being adopted more quickly than public programs
63% of all launched programs are private
Growth Across Many Verticals
Industries Utilizing A Bug Bounty
Companies of all industry types are running Bug Bounty Programs
As expected, computer software and internet-native companies have the widest adoption
"Non-Traditional" industries (healthcare, financial services) have been rapidly adopting over the last 12 months
Growth Across All Sizes of Organizations
SMB & Enterprise
Enterprises have been quickly adopting over the last 12 months, accounting for 11% of programs
50% of programs are run by companies with 200 employees or less, due to the economic advantage
What is Being Found?
Volume of Valid & Original Vulnerabilities Over Time
Vulnerability Rating Taxonomy: http://bgcd.co/vrt-2016
More critical vulnerabilities are being submitted
Fewer non-critical vulnerabilities are being submitted
Security researchers are getting more discerning about what they submit
Organizations are getting more prescriptive with the scope and goals of their programs
What is Being Found?
Types of Vulnerabilities
Why So Much XSS: http://bgcd.co/xss-big-bugs
XSS accounts for 66% of all valid submissions
CSRF is the next highest at 20% of all valid submissions
Why Is This Adoption Happening?
Survey Results: Top value in running a bug bounty program
State of Bug Bounty 2016
What Our Data Is Saying About the Crowd
Rapidly Growing Researcher Community
Currently 38,000+ Researchers
Researchers Are Making Money
How Much Has Been Paid Out
$2,054,721 has been paid out to date to the global researcher community, from 6,803 valid vulnerabilities found
Defensive Vulnerability Pricing Model: http://bgcd.co/dvpm-2016
Rapidly Growing Researcher Community
From All Over The World
Different Types of Researchers
Survey Data: Wide Range of Age & Education
Graduate Degree: 12.76%
Some Graduate School: 4.10%
College Degree: 42.14%
Some College: 28.70%
High School Degree: 12.30%
Researcher Time Spent Hacking
Survey Data: Not Yet a Full Time Thing For Most
15% of the crowd are hacking on bug bounties as their primary source of income
24% of the crowd are full time developers
18% of the crowd are full time pen testers
Be on the lookout for our upcoming report on the Bugcrowd community
Different Types of Researchers
Survey Data: Wide Range of Skills & Specialities
Key Takeaways
Where the Market Is Today and Where It Is Going
What We Know Today
Bug Bounties Have Reached A Tipping Point
Quality: Compared with traditional testing methods, bug bounties present a significant advantage
Maturation: As this model matures, with private programs gaining traction, more organizations can tap into the crowd
Growth: More organizations are adopting this model, including large enterprises and traditional industries
Impact: Critical vulnerabilities are increasing in volume along with average payout per bug
What We Know Today
Wide Range of Companies Adopting
Multi Solution Bug Bounty Model Gaining Traction
Not Just About Public Programs
Public Ongoing Program: Engage the collective intelligence of thousands of security researchers worldwide. The perfect solution to incentivize the continuous testing of main web properties, self-sign up apps, or anything already publicly accessible.
Private Ongoing Program: Continuous testing using a private, invite-only crowd of researchers. The perfect solution to incentivize the continuous testing of apps that require specialized skill sets or that are harder to access.
On-Demand Program: Project based testing using a private, invite-only crowd of researchers. The perfect solution for testing new products, major releases, new features, or anything needing a quick test for up to two weeks.
Many organizations are utilizing different types of Bug Bounty Solutions
Predictions and Challenges
Bug Bounties Have Reached A Tipping Point
PREDICTION: The crowd will continue to diversify and mature, creating more
opportunities for organizations to utilize bug bounties for increasingly complex
applications
PREDICTION: Traditional testing methods will evolve to work alongside bug bounty
programs
PREDICTION: Bug bounties will shift from a “nice to have” to a “must have” for most
organizations

Q&A
Download the full report here: http://bgcd.co/state-of-bug-bounty-2016
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 

Bug Bounty Tipping Point: Strength in Numbers

  • 1. September 2016 1 Folks Leading The Discussion Today Quick Bios
  • 2. Folks Leading The Discussion Today: Quick Bios. @caseyjohnellis, Founder and CEO, Bugcrowd: recovering pentester turned solution architect turned sales guy turned entrepreneur. @kym_possible, Senior Director of Researcher Operations, Bugcrowd: data analyst, security evangelist, behavioral psychologist, former director of a Red Team.
  • 3. Agenda: What Are We Covering Today? 1. What is a Bug Bounty? 2. Bug Bounty Industry Trends 3. Trends From the Researcher Community
  • 4. CONFIDENTIAL JULY 2016 GTM PLAYBOOK. What Is a Bug Bounty?
  • 5. What is a Bug Bounty? For Those of You Who Are New. Think of it as a competition: independent security researchers from all over the world find and report vulnerabilities to companies and their applications in exchange for rewards.
  • 6. What Problem Do Bug Bounties Solve? Combat the Defender's Dilemma (the defender has to find and fix every weakness, while an attacker only needs to find one).
  • 7. They Have Been Around For 20+ Years: Bug Bounty History. The History of Bug Bounties: Abbreviated Timeline from 1995 to Present (timeline graphic with three phases, Early Bug Bounties, Breakthrough in Bug Bounties and Modern Bug Bounties; years marked: 1995, 2002, 2004, 2005, 2007, 2010, 2011, 2012, 2013, 2014, 2015, 2016). © BUGCROWD INC. 2016
  • 8. What Does Bugcrowd Do? Platform That Connects Organizations to the Researcher Community. 38,000+ Researchers with specialized skills including web, mobile and IoT hacking; our community is made up of tens of thousands of hackers from around the world. Organizations Both Big and Small: making Bug Bounties easy for every type of company through a variety of Bug Bounty Solutions.
  • 9. State of Bug Bounty 2016: What Our Data Is Saying About the Industry
  • 10. Where Has All Our Data Come From? Our Success So Far. 300+ total programs run on the Bugcrowd platform; 64% private programs compared to 36% public; 54K+ total vulnerability submissions made as of September 15, 2016; $3M+ paid out to the crowd as of September 15, 2016; 38K+ researchers in the crowd as of September 15, 2016; 210% program growth.
  • 11. What We Know Today: Bug Bounties Have Reached A Tipping Point. Quality: compared with traditional testing methods, bug bounties present a significant advantage. Maturation: as this model matures, with private programs gaining traction, more organizations can tap into the crowd. Growth: more organizations are adopting this model, including large enterprises and traditional industries. Impact: critical vulnerabilities are increasing in volume along with average payout per bug.
  • 12. Considerable Growth In Program Types: Market Adopting Quickly. The total number of bounty programs being run is on the rise: a 210% increase year over year. Private programs are being adopted faster than public programs: 63% of all launched programs are private.
  • 13. Growth Across Many Verticals: Industries Utilizing A Bug Bounty. Companies of all industry types are running Bug Bounty Programs. As expected, computer software and other internet-native companies have the widest adoption. "Non-Traditional" industries (healthcare, financial services) have been rapidly adopting over the last 12 months.
  • 14. Growth Across All Sizes of Organizations: SMB & Enterprise. Enterprises have been adopting quickly over the last 12 months, accounting for 11% of programs. 50% of programs are run by companies with 200 employees or fewer, owing to the economic advantage.
  • 15. What is Being Found? Volume of Valid & Original Vulnerabilities Over Time. Vulnerability Rating Taxonomy: http://bgcd.co/vrt-2016. More critical vulnerabilities are being submitted, and fewer non-critical vulnerabilities are being submitted. Security researchers are getting more discerning with what they submit, and organizations are getting more prescriptive with the scope and goals of their programs.
  • 16. What is Being Found? Types of Vulnerabilities. Why So Much XSS: http://bgcd.co/xss-big-bugs. XSS accounts for 66% of all valid submissions; CSRF is next highest at 20% of all valid submissions.
  • 17. Why Is This Adoption Happening? Survey Results: Top value in running a bug bounty program (chart).
  • 18. State of Bug Bounty 2016: What Our Data Is Saying About the Crowd
  • 19. Rapidly Growing Researcher Community: Currently 38,000+ Researchers
  • 20. Researchers Are Making Money: How Much Has Been Paid Out. $2,054,721 has been paid out to date to the global researcher community for 6,803 valid vulnerabilities found. Defensive Vulnerability Pricing Model: http://bgcd.co/dvpm-2016
  • 21. Rapidly Growing Researcher Community: From All Over The World
  • 22. Different Types of Researchers. Survey Data: Wide Range of Age & Education. Education chart values: 12.76%, 4.10%, 42.14%, 28.70%, 12.30%; categories: Graduate Degree, Some Graduate School, College Degree, Some College, High School Degree.
  • 23. Researcher Time Spent Hacking. Survey Data: Not Yet a Full Time Thing For Most. 15% of the crowd is hacking on bug bounties as their primary source of income; 24% of the crowd are full-time developers; 18% of the crowd are full-time pen testers. Be on the lookout for our upcoming report on the Bugcrowd community.
  • 24. Different Types of Researchers. Survey Data: Wide Range of Skills & Specialities
  • 25. Key Takeaways: Where Is the Market Today and Where Is It Going?
  • 26. What We Know Today: Bug Bounties Have Reached A Tipping Point. Quality: compared with traditional testing methods, bug bounties present a significant advantage. Maturation: as this model matures, with private programs gaining traction, more organizations can tap into the crowd. Growth: more organizations are adopting this model, including large enterprises and traditional industries. Impact: critical vulnerabilities are increasing in volume along with average payout per bug.
  • 27. What We Know Today: Wide Range of Companies Adopting
  • 28. Multi Solution Bug Bounty Model Gaining Traction: Not Just About Public Programs. Many organizations are utilizing different types of Bug Bounty Solutions. Public Ongoing Program: engage the collective intelligence of thousands of security researchers worldwide; the perfect solution to incentivize the continuous testing of main web properties, self-sign-up apps, or anything already publicly accessible. Private Ongoing Program: continuous testing using a private, invite-only crowd of researchers; the perfect solution to incentivize the continuous testing of apps that require specialized skill sets or that are harder to access. On-Demand Program: project-based testing using a private, invite-only crowd of researchers; the perfect solution for testing new products, major releases, new features, or anything needing a quick test for up to two weeks.
  • 29. Predictions and Challenges: Bug Bounties Have Reached A Tipping Point. PREDICTION: The crowd will continue to diversify and mature, creating more opportunities for organizations to utilize bug bounties for increasingly complex applications. PREDICTION: Traditional testing methods will evolve to work alongside bug bounty programs. PREDICTION: Bug bounties will shift from a "nice to have" to a "must have" for most organizations.

  • 30. Q&A. Download the full report here: http://bgcd.co/state-of-bug-bounty-2016