What We Discuss with Casey Ellis:
- Crowdsourced security as a service model & bug bounty.
- How to make people feel comfortable with the concept of crowdsourced security?
- Is bug bounty only for big companies?
- How can people get into the Bug Bounty Space? Can anyone get into it?
- How can we foster a safer environment to talk about Bug Bounty openly?
- When Bug Bounty goes wrong?
- How do economics and game theory play into the crowdsourcing bug bounty scene? Do researchers look for other outlets? How do companies find the sweet spot of payments?
- Is it better to disclose a bug to a third party or the actual company?
- And much more…
THANKS, Casey Ellis!
If you enjoyed this session with Casey Ellis, let him know by clicking on the link below and sending him a quick shout-out on Twitter:
And if you want us to answer your questions on one of our upcoming weekly Feedback Friday episodes, drop us a line at email@example.com.
Resources from This Episode:
- Tools & services discussed during the interview
- Bugcrowd for Everyone: Check out bugcrowd.com/try-bugcrowd to see the Bugcrowd platform and understand all the things we do.
- Disclose.io: Looking for contributions/PRs to the AUS and NZ terms in https://github.com/disclose/dioterms/tree/master/regional/drafts.
- Add your VDP to Disclose.io: Add your VDP to https://github.com/disclose/diodb (and add safe harbor language if you don’t already have it!)
- Bugcrowd University: https://www.bugcrowd.com/hackers/bugcrowd-university/ for the hackers and budding hackers
- Cloud Security Academy