In this course, Play by Play: Bug Bounties for Companies, Troy Hunt and Casey Ellis discuss bug bounties from the perspective of organizations interested in running their first bug bounty program. Learn the purpose bug bounties serve, how bug bounties are run, and how to position a bug bounty program to leadership in order to get buy-in for the program. By the end of this course, you’ll be able to speak to the benefits of a bug bounty program and ascertain if your organization is ready to undertake a bug bounty of its own.
Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.
Course Overview

Hi, this is Troy Hunt. And I'm Casey Ellis of Bugcrowd. And welcome to our Play by Play on Bug Bounties for Companies. I'm an Australian Pluralsight author and web security specialist, and I'm especially interested in the things that we can do to help organizations better protect their online assets. As the founder, CTO, and chairman of Bugcrowd, I spend most of my time connecting the customers that we work with with the broader white-hat community to get feedback on how to better defend their assets, so obviously I'm interested in this subject today. In this course, we're going to look at why organizations should run bug bounties. What's in it for them, what are the risks they face? Yeah, we'll talk a lot about best practice, how to do this well, how to make sure that as you're considering a crowdsourced security program, what are the things that you need to line up for success and to avoid failure. And indeed, what are the pitfalls where companies have gone wrong with bounties in the past? We'll cover best practices and how to do this right, some of the failure stories I've seen over the years, and how not to do it wrong, as well as talking a bit about how this concept has jumped out of the Bay Area and the earlier adopting technology market into the broader security community and the broader enterprise defender. I'm really excited to have one of the best brains within the bug bounty industry here with me in this Play by Play. I hope you'll join us on this journey to learn about Bug Bounties for Companies.