Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Tuesday, January 26 • 10:30am - 11:20am
To bounty, or not to bounty? Security@ insights from 500 organizations.

Sign up or log in to save this to your schedule and see who's attending!

Security@ addresses across the internet are experiencing a surge in activity as organizations embrace collaboration with the security researcher community through vulnerability disclosure programs. In our journey to uncover the perfect approach, one thing became certain: every organization is wildly unique and there is no one size fits all answer. To understand what exactly contributes to a successful program, we've analyzed aggregate Security@ data from over 500 organizations and devised a weighted index across six dimensions:


* Researcher Breadth

* Researcher Depth

* Vulnerabilities Found

* Response Efficiency

* Reward Competitiveness

* Signal Ratio


The result is an advanced framework for quantifying impact and assessing the performance of these programs. Whether you already run an active bug bounty program or still have a security@ address that bounces, you can expect this talk to help you shed blind dogma and walk away armed with an analytical approach to running an effective Security@.

Speakers
avatar for Alex Rice

Alex Rice

Alex Rice is a co-founder and the Chief Technology Officer at HackerOne, providing a platform that enables organizations to build strong relationships with a community of security experts. Alex is responsible for developing the HackerOne technology vision, driving engineering efforts and counseling customers as they build world-class security programs. In addition to his role at HackerOne, Alex also serves on the board for the Internet Bug... Read More →


Attendees (7)