SlideShare a Scribd company logo
1 of 9
BUG BOUNT Y
PROGRAMS
By: Yassine ABOUKIR
INTRODUCTION
BUG BOUNTY PROGRAM
A bug bounty program is a crowdsourcing initiative that rewards
individuals for discovering and responsibly reporting software security
vulnerabilities. Bug bounty programs are often initiated to supplement
internal code audits and penetration tests as part of an organization's
vulnerability management strategy.
Source : Techtarget
HISTORY
WHAT’S IN IT FOR ORGANIZATIONS?
•Army of friendly hackers.
•Cost-effective solution.
•Eliminate the risk of Zero-days vulnerabilities.
•On-going security testing.
KEY STATISTICS
• Facebook's pioneering bug bounty program has uncovered over 900 bugs and paid
out over 5 million US dollars.
• Google has paid out more than $9 million since the launch of its bug bounty program
in 2010, including over $3 million in 2016.
• Mozilla has paid out over $1.6 million across all of our bounties.
• Yahoo has paid out more than $2 million for vulnerabilities since the launch of its bug
bounty program in 2013.
• Over 100,000 hackers strong in the HackerOne community. Over $20 million paid in
bounties.
RUNNING A BUG BOUNTY PROGRAM
Self-Hosted Bug Bounty Program
Using a Bug Bounty Management Provider
BUG BOUNTY PROGRAM POLICY
Bug bounty programs

More Related Content

What's hot

AppSecUSA 2016: 'Your License for Bug Hunting Season'
AppSecUSA 2016: 'Your License for Bug Hunting Season'AppSecUSA 2016: 'Your License for Bug Hunting Season'
AppSecUSA 2016: 'Your License for Bug Hunting Season'bugcrowd
 
Spyware And Anti Virus Software Presentation
Spyware And Anti Virus Software PresentationSpyware And Anti Virus Software Presentation
Spyware And Anti Virus Software Presentationamy.covington215944
 
Top 20 Public Bug Bounty Programs
Top 20 Public Bug Bounty ProgramsTop 20 Public Bug Bounty Programs
Top 20 Public Bug Bounty ProgramsHackerOne
 
Spyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeSpyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeMangesh wadibhasme
 
Kaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin KleczynskiKaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin KleczynskiKaseya
 
Spyware Adware1
Spyware Adware1Spyware Adware1
Spyware Adware1rubal_9
 
Content Management System Security
Content Management System SecurityContent Management System Security
Content Management System SecuritySamvel Gevorgyan
 
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security ReportHackerOne
 
Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering Holes
Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering HolesChristopher Furton - Cybersecurity Threat Brief: Malvertising and Watering Holes
Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering HolesChris Furton
 
Basics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingBasics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingMuhammad Khizer Javed
 
Spyware and Trojan Horses (Computer Security Seminar by Akhil Sharma)
Spyware and Trojan Horses (Computer Security Seminar by Akhil Sharma)Spyware and Trojan Horses (Computer Security Seminar by Akhil Sharma)
Spyware and Trojan Horses (Computer Security Seminar by Akhil Sharma)Akhil Sharma
 
Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpointgalaxy201
 
Spyware and adware
Spyware and  adwareSpyware and  adware
Spyware and adwareRaja Kiran
 

What's hot (20)

AppSecUSA 2016: 'Your License for Bug Hunting Season'
AppSecUSA 2016: 'Your License for Bug Hunting Season'AppSecUSA 2016: 'Your License for Bug Hunting Season'
AppSecUSA 2016: 'Your License for Bug Hunting Season'
 
Spyware And Anti Virus Software Presentation
Spyware And Anti Virus Software PresentationSpyware And Anti Virus Software Presentation
Spyware And Anti Virus Software Presentation
 
Top 20 Public Bug Bounty Programs
Top 20 Public Bug Bounty ProgramsTop 20 Public Bug Bounty Programs
Top 20 Public Bug Bounty Programs
 
Spyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeSpyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasme
 
Kaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin KleczynskiKaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
Kaseya Connect 2011 - Malwarebytes - Marcin Kleczynski
 
DEFINING A SPYWARE
DEFINING A SPYWAREDEFINING A SPYWARE
DEFINING A SPYWARE
 
Spyware Adware1
Spyware Adware1Spyware Adware1
Spyware Adware1
 
Spyware
SpywareSpyware
Spyware
 
Spyware
SpywareSpyware
Spyware
 
Spyware Adware
Spyware AdwareSpyware Adware
Spyware Adware
 
Content Management System Security
Content Management System SecurityContent Management System Security
Content Management System Security
 
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report
118 Hacker-Powered Facts From The 2018 Hacker-Powered Security Report
 
Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering Holes
Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering HolesChristopher Furton - Cybersecurity Threat Brief: Malvertising and Watering Holes
Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering Holes
 
Basics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingBasics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty Hunting
 
Spyware and Trojan Horses (Computer Security Seminar by Akhil Sharma)
Spyware and Trojan Horses (Computer Security Seminar by Akhil Sharma)Spyware and Trojan Horses (Computer Security Seminar by Akhil Sharma)
Spyware and Trojan Horses (Computer Security Seminar by Akhil Sharma)
 
Spyware
SpywareSpyware
Spyware
 
Spyware
SpywareSpyware
Spyware
 
spyware
spywarespyware
spyware
 
Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpoint
 
Spyware and adware
Spyware and  adwareSpyware and  adware
Spyware and adware
 

Similar to Bug bounty programs

7 Bug Bounty Myths, BUSTED
7 Bug Bounty Myths, BUSTED7 Bug Bounty Myths, BUSTED
7 Bug Bounty Myths, BUSTEDbugcrowd
 
Crowdsourcing Cyber Security
Crowdsourcing Cyber SecurityCrowdsourcing Cyber Security
Crowdsourcing Cyber SecurityToe Khaing
 
Bug bounties - cén scéal?
Bug bounties - cén scéal?Bug bounties - cén scéal?
Bug bounties - cén scéal?Ciaran McNally
 
The History of Bug Bounty Programs
The History of Bug Bounty ProgramsThe History of Bug Bounty Programs
The History of Bug Bounty ProgramsCobalt
 
Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Behrouz Sadeghipour
 
Bug Bounty Tipping Point: Strength in Numbers
Bug Bounty Tipping Point: Strength in NumbersBug Bounty Tipping Point: Strength in Numbers
Bug Bounty Tipping Point: Strength in Numbersbugcrowd
 
Earn Money from bug bounty
Earn Money from bug bountyEarn Money from bug bounty
Earn Money from bug bountyJay Nagar
 
How to remove yeabd66.cc
How to remove yeabd66.ccHow to remove yeabd66.cc
How to remove yeabd66.ccharoNaroum
 
INSECURE Magazine - 37
INSECURE Magazine - 37INSECURE Magazine - 37
INSECURE Magazine - 37Felipe Prado
 
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty ProgramsHI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programsbugcrowd
 
Web Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug BountiesWeb Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug Bountieskunwaratul hax0r
 
Anti-tampering in Android and Take Look at Google SafetyNet Attestation API
Anti-tampering in Android and Take Look at Google SafetyNet Attestation APIAnti-tampering in Android and Take Look at Google SafetyNet Attestation API
Anti-tampering in Android and Take Look at Google SafetyNet Attestation APIArash Ramez
 
Hunting bugs - C0r0n4con
Hunting bugs - C0r0n4conHunting bugs - C0r0n4con
Hunting bugs - C0r0n4conAnchises Moraes
 
The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016Tudor Damian
 
VulnerabilityRewardsProgram
VulnerabilityRewardsProgramVulnerabilityRewardsProgram
VulnerabilityRewardsProgramTaha Kachwala
 
Channel Factory Brand Safety Thesis
Channel Factory Brand Safety ThesisChannel Factory Brand Safety Thesis
Channel Factory Brand Safety ThesisTony Chen
 

Similar to Bug bounty programs (20)

7 Bug Bounty Myths, BUSTED
7 Bug Bounty Myths, BUSTED7 Bug Bounty Myths, BUSTED
7 Bug Bounty Myths, BUSTED
 
Crowdsourcing Cyber Security
Crowdsourcing Cyber SecurityCrowdsourcing Cyber Security
Crowdsourcing Cyber Security
 
Owasp LA
Owasp LAOwasp LA
Owasp LA
 
Bug bounties - cén scéal?
Bug bounties - cén scéal?Bug bounties - cén scéal?
Bug bounties - cén scéal?
 
The History of Bug Bounty Programs
The History of Bug Bounty ProgramsThe History of Bug Bounty Programs
The History of Bug Bounty Programs
 
Spyware
SpywareSpyware
Spyware
 
Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties Crypto Night at CSUS - Bug Bounties
Crypto Night at CSUS - Bug Bounties
 
Crowdsourced Vulnerability Testing
Crowdsourced Vulnerability TestingCrowdsourced Vulnerability Testing
Crowdsourced Vulnerability Testing
 
Bug Bounty Tipping Point: Strength in Numbers
Bug Bounty Tipping Point: Strength in NumbersBug Bounty Tipping Point: Strength in Numbers
Bug Bounty Tipping Point: Strength in Numbers
 
Earn Money from bug bounty
Earn Money from bug bountyEarn Money from bug bounty
Earn Money from bug bounty
 
How to remove yeabd66.cc
How to remove yeabd66.ccHow to remove yeabd66.cc
How to remove yeabd66.cc
 
INSECURE Magazine - 37
INSECURE Magazine - 37INSECURE Magazine - 37
INSECURE Magazine - 37
 
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty ProgramsHI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs
 
Customer experience pioneer directly protects customer data and reputation wi...
Customer experience pioneer directly protects customer data and reputation wi...Customer experience pioneer directly protects customer data and reputation wi...
Customer experience pioneer directly protects customer data and reputation wi...
 
Web Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug BountiesWeb Application Security And Getting Into Bug Bounties
Web Application Security And Getting Into Bug Bounties
 
Anti-tampering in Android and Take Look at Google SafetyNet Attestation API
Anti-tampering in Android and Take Look at Google SafetyNet Attestation APIAnti-tampering in Android and Take Look at Google SafetyNet Attestation API
Anti-tampering in Android and Take Look at Google SafetyNet Attestation API
 
Hunting bugs - C0r0n4con
Hunting bugs - C0r0n4conHunting bugs - C0r0n4con
Hunting bugs - C0r0n4con
 
The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016
 
VulnerabilityRewardsProgram
VulnerabilityRewardsProgramVulnerabilityRewardsProgram
VulnerabilityRewardsProgram
 
Channel Factory Brand Safety Thesis
Channel Factory Brand Safety ThesisChannel Factory Brand Safety Thesis
Channel Factory Brand Safety Thesis
 

More from Yassine Aboukir

Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?Yassine Aboukir
 
Le développement : actualité 2013
Le développement : actualité 2013Le développement : actualité 2013
Le développement : actualité 2013Yassine Aboukir
 
Le gouvernement marocain
Le gouvernement marocainLe gouvernement marocain
Le gouvernement marocainYassine Aboukir
 
Présentation sur la grande surface MARJANE
Présentation sur la grande surface MARJANEPrésentation sur la grande surface MARJANE
Présentation sur la grande surface MARJANEYassine Aboukir
 

More from Yassine Aboukir (6)

Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?
 
Entrepreneurship
EntrepreneurshipEntrepreneurship
Entrepreneurship
 
Le développement : actualité 2013
Le développement : actualité 2013Le développement : actualité 2013
Le développement : actualité 2013
 
Le gouvernement marocain
Le gouvernement marocainLe gouvernement marocain
Le gouvernement marocain
 
Analyse concurrentielle
Analyse concurrentielleAnalyse concurrentielle
Analyse concurrentielle
 
Présentation sur la grande surface MARJANE
Présentation sur la grande surface MARJANEPrésentation sur la grande surface MARJANE
Présentation sur la grande surface MARJANE
 

Recently uploaded

The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?Mark Billinghurst
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024Stephen Perrenod
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...ScyllaDB
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties ReimaginedEasier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimaginedpanagenda
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024Lorenzo Miniero
 
Your enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4jYour enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4jNeo4j
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfUK Journal
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandIES VE
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPTiSEO AI
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform EngineeringMarcus Vechiato
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfFIDO Alliance
 
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?Paolo Missier
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfSrushith Repakula
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 

Recently uploaded (20)

The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties ReimaginedEasier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
 
WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024WebRTC and SIP not just audio and video @ OpenSIPS 2024
WebRTC and SIP not just audio and video @ OpenSIPS 2024
 
Your enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4jYour enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4j
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 

Bug bounty programs

  • 1. BUG BOUNT Y PROGRAMS By: Yassine ABOUKIR
  • 3. BUG BOUNTY PROGRAM A bug bounty program is a crowdsourcing initiative that rewards individuals for discovering and responsibly reporting software security vulnerabilities. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy. Source : Techtarget
  • 5. WHAT’S IN IT FOR ORGANIZATIONS? •Army of friendly hackers. •Cost-effective solution. •Eliminate the risk of Zero-days vulnerabilities. •On-going security testing.
  • 6. KEY STATISTICS • Facebook's pioneering bug bounty program has uncovered over 900 bugs and paid out over 5 million US dollars. • Google has paid out more than $9 million since the launch of its bug bounty program in 2010, including over $3 million in 2016. • Mozilla has paid out over $1.6 million across all of our bounties. • Yahoo has paid out more than $2 million for vulnerabilities since the launch of its bug bounty program in 2013. • Over 100,000 hackers strong in the HackerOne community. Over $20 million paid in bounties.
  • 7. RUNNING A BUG BOUNTY PROGRAM Self-Hosted Bug Bounty Program Using a Bug Bounty Management Provider