Published on January 28th, 2019
BSides Leeds 2019: Confessions Of A Bug Bounty Triager – Glenn Pegden
There is plenty of info out there on participating in Bug Bounty schemes or on helping vendors start programmes, but very little of it is written by the people actually dealing with the reported vulnerabilities. Aimed both at hackers who want to maximize bounties and have less pain dealing with vendors, and at vendors looking for an unbiased view from the trenches, this talk aims to give the Blue side of the Bug Bounty story, from somebody who has spent the last 18 months triaging reports and working with the Bug Bounty platform providers.
For hackers, learn how to make sure your reports are taken seriously and how to avoid being "that guy" who nobody wants to triage reports from, as well as hopefully gaining some insight into why your "ZOMG! Worst Bug EVER!" report isn't always given the attention you think it deserves, and how to actually get help from the vendors on things you're investigating. For vendors, learn from somebody who has spent the last 2 years at the coalface learning what works and what doesn't about the pros and cons of encouraging random third parties to attack your stuff with near impunity, and how to get the best from the reports you receive.
Speaker Bio: Despite being an old school hacker who has done almost every job in IT during his career, Glenn decided that he wouldn't just join the unsexy "Blue Side" of InfoSec, but he'd then specialize in the least cool part he could find (at least, without needing the CISSP qualification): Vulnerability Management. By day he does Vulnerability Management and Security Risk Management for SkyBet; by night, well, he tends to post on Twitter a bit and then has an early night as he's getting on a bit.