BSidesSLC – NERXRZ: Bugs, Bounties, and Disclosures
https://www.ispeech.org
Several large organizations, including Facebook, Google, and Mozilla, have turned to crowd-sourcing to find security and privacy flaws. Bug bounty programs pay users between $500 and $60,000 for locating and reporting security defects. Rob Jorgensen discusses the history and current state of bug bounties, his discovery of a logic flaw in Facebook that resulted in users sharing more than they intended, and his experience reporting the bug and being awarded a bounty. This talk has been presented before to the local ISACA chapter and DC801, but has been expanded and updated with new information.
2013-04-22 20:21:45
source
Gloss