AppSec California 2016: To bounty, or not to bounty? Security@ i...

View analytic

To bounty, or not to bounty? Security@ insights from 500 organizations.

Security@ addresses across the internet are experiencing a surge in activity as organizations embrace collaboration with the security researcher community through vulnerability disclosure programs. In our journey to uncover the perfect approach, one thing became certain: every organization is wildly unique and there is no one size fits all answer. To understand what exactly contributes to a successful program, we've analyzed aggregate Security@ data from over 500 organizations and devised a weighted index across six dimensions:

* Researcher Breadth

* Researcher Depth

* Vulnerabilities Found

* Response Efficiency

* Reward Competitiveness

* Signal Ratio

The result is an advanced framework for quantifying impact and assessing the performance of these programs. Whether you already run an active bug bounty program or still have a security@ address that bounces, you can expect this talk to help you shed blind dogma and walk away armed with an analytical approach to running an effective Security@.

Speakers

Alex Rice

Alex Rice is a co-founder and the Chief Technology Officer at HackerOne, providing a platform that enables organizations to build strong relationships with a community of security experts. Alex is responsible for developing the HackerOne technology vision, driving engineering efforts... Read More →

Tuesday January 26, 2016 10:30am - 11:20am
Annenberg Community Beach House 415 Pacific Coast Hwy, Santa Monica, CA 90402

Garden Terrace Room

YouTube https://www.youtube.com/watch?v=pR2KNJAQyB0

AppSec California 2016

Alex Rice

Attendees (7)

Recently Active Attendees

AppSec California 2016

Sign up or log in to save this to your schedule and see who's attending!

Alex Rice

Attendees (7)

Recently Active Attendees