What We Discuss with Casey Ellis:
- Crowdsourced security as a service model and bug bounty.
- How to make people feel comfortable with the concept of crowdsourced security?
- Is bug bounty only for big companies?
- How can people get into the Bug Bounty Space? Can anyone get into it?
- How can we foster a safer environment to talk about Bug Bounty openly?
- What happens when bug bounty goes wrong?
- How do economics and game theory play into the crowdsourcing bug bounty scene? Do researchers look for other outlets? How do companies find the sweet spot of payments?
- Is it better to disclose a bug to a third party or the actual company?
- And much more…
Thanks, Casey Ellis!
If you enjoyed this session with Casey Ellis, let him know by clicking on the link below and sending him a quick shout-out on Twitter:
Click here to thank Casey Ellis on LinkedIn!
Click here to let Ashish know about your number one takeaway from this episode!
And if you want us to answer your questions on one of our upcoming weekly Feedback Friday episodes, drop us a line at ashish@kaizenteq.com.
Resources from This Episode:
- Tools and services discussed during the interview
- Bugcrowd for Everyone: Check out bugcrowd.com/try-bugcrowd to see the Bugcrowd platform and understand all the things we do.
- Disclose.io: Looking for contributions/PRs to the AUS and NZ terms in https://github.com/disclose/dioterms/tree/master/regional/drafts.
- Add your VDP to Disclose.io: Add your VDP to https://github.com/disclose/diodb (and add safe harbor language if you don’t already have it!)
- Bugcrowd University: https://www.bugcrowd.com/hackers/bugcrowd-university/ for the hackers and budding hackers
- Cloud Security Academy