Play by Play: Bug Bounties for Companies

In this course, you’ll learn how your organization would benefit from a bug bounty and how to determine if it’s ready to undertake a bug bounty program of its own.
Course info
Level: Beginner
Updated: May 16, 2018
Duration: 48m
Description

In this course, Play by Play: Bug Bounties for Companies, Troy Hunt and Casey Ellis discuss bug bounties from the perspective of organizations interested in running their first bug bounty program. Learn the purpose bug bounties serve, how bug bounties are run, and how to position a bug bounty program to leadership in order to get buy-in for the program. By the end of this course, you’ll be able to speak to the benefits of a bug bounty program and ascertain if your organization is ready to undertake a bug bounty of its own.

About the author

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.

More from the author
- Ethical Hacking: Denial of Service (Beginner, 2h 50m, Sep 17, 2019)
- Ethical Hacking: SQL Injection (Beginner, 5h 26m, Sep 16, 2019)
- Ethical Hacking: Session Hijacking (Beginner, 3h 28m, Sep 16, 2019)
About the author

Bugcrowd Founder and CTO, Casey Ellis, is an infosec veteran who pioneered the Bug-Bounty-as-a-Service model, launching the first bug bounty programs on Bugcrowd in 2012.

Section Introduction Transcripts

Course Overview
Hi, this is Troy Hunt. And I'm Casey Ellis of Bugcrowd. And welcome to our Play by Play on Bug Bounties for Companies. I'm an Australian Pluralsight author and web security specialist, and I'm especially interested in the things that we can do to help organizations better protect their online assets. As the founder, CTO, and chairman of Bugcrowd, I spend most of my time connecting the customers that we work with with the broader white-hat community to get feedback on how to better defend their assets, so obviously I'm interested in this subject today. In this course, we're going to look at why organizations should run bug bounties. What's in it for them, what are the risks they face? Yeah, we'll talk a lot about best practice, how to do this well, how to make sure that as you're considering a crowdsourced security program, what are the things that you need to line up for success and to avoid failure. And indeed, what are the pitfalls where companies have gone wrong with bounties in the past? We'll cover best practices and how to do this right, some of the failure stories I've seen over the years, and how not to do it wrong, as well as talking a bit about how this concept has jumped out of the Bay Area and the earlier adopting technology market into the broader security community and the broader enterprise defender. I'm really excited to have one of the best brains within the bug bounty industry here with me in this Play by Play. I hope you'll join us on this journey to learn about Bug Bounties for Companies.