The Boring AppSec Podcast S1E08 - Bug Bounties Part 2

The eigth episode of The Boring AppSec Podcast is live now.

This is actually a continuation of Episode 3 but we focus more on the program's perspective this time around. We discuss a lot of nuances in details such as:

• How do you think about when to start a bug bounty program
• What does a mature bug bounty program look like
• How a program decides how much bounty to reward
• Differences between a vulnerability disclosure program (VDP) and a bug bounty program
• How to convince internal and external stakeholders that running a bug bounty program could be beneficial to an organization
• How do you treat interal pentesters vs bug bounty researchers and much more..

Tune in to find out more, if you like the episode, please do subscribe!