The Boring AppSec Podcast S1E08 - Bug Bounties Part 2

The eigth episode of The Boring AppSec Podcast is live now.

This is actually a continuation of Episode 3 but we focus more on the program's perspective this time around. We discuss a lot of nuances in details such as:

  • How do you think about when to start a bug bounty program
  • What does a mature bug bounty program look like
  • How a program decides how much bounty to reward
  • Differences between a vulnerability disclosure program (VDP) and a bug bounty program
  • How to convince internal and external stakeholders that running a bug bounty program could be beneficial to an organization
  • How do you treat interal pentesters vs bug bounty researchers and much more..

Tune in to find out more, if you like the episode, please do subscribe!

If you like the content and don't want to miss out on new posts, enter your email and hit the Subscribe button below. I promise I won't spam. Only premium content!