Back To Schedule
Tuesday, January 26 • 10:30am - 11:20am
To bounty, or not to bounty? Security@ insights from 500 organizations.

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Security@ addresses across the internet are experiencing a surge in activity as organizations embrace collaboration with the security researcher community through vulnerability disclosure programs. In our journey to uncover the perfect approach, one thing became certain: every organization is wildly unique and there is no one size fits all answer. To understand what exactly contributes to a successful program, we've analyzed aggregate Security@ data from over 500 organizations and devised a weighted index across six dimensions:

* Researcher Breadth

* Researcher Depth

* Vulnerabilities Found

* Response Efficiency

* Reward Competitiveness

* Signal Ratio

The result is an advanced framework for quantifying impact and assessing the performance of these programs. Whether you already run an active bug bounty program or still have a security@ address that bounces, you can expect this talk to help you shed blind dogma and walk away armed with an analytical approach to running an effective Security@.

avatar for Alex Rice

Alex Rice

Alex Rice is a co-founder and the Chief Technology Officer at HackerOne, providing a platform that enables organizations to build strong relationships with a community of security experts. Alex is responsible for developing the HackerOne technology vision, driving engineering efforts... Read More →

Tuesday January 26, 2016 10:30am - 11:20am PST
Annenberg Community Beach House