AppSecUSA - Your License for Bug Hunting Season

•Download as PPTX, PDF•

0 likes•37 views

Tweet Share You don’t need a license for bug hunting season anymore. Bug bounty programs are becoming well established as a valuable tool in identifying vulnerabilities early. The Department of Defense has authorized its first bug bounty program, and many vendors are taking a fresh look. While the programs are highly effective, many questions remain about how to structure bug bounty programs to address the concerns that vendors and researchers have about controlling bug hunters, security and privacy, contractual issues with bug hunters, what happens if there is a rogue hacker in the crowd, and liability and compliance concerns. This presentation will cover the best practices for structuring effective bug bounty programs. Video: https://www.youtube.com/watch?v=ziUUyA0-zwg

Technology

Your License for Bug Hunting Season
James Denaro & Casey Ellis

Speakers
1/26/2019 Your License for Bug Hunting Season
James Denaro
Attorney, Founder of Cipher Law
Casey Ellis
Founder & CEO, Bugcrowd

Agenda
Risk & Reward of Bug Bounties
Addressing Two Main Areas of Concern:
1. Uncertainty
2. Liability
Questions
1/26/2019 Your License for Bug Hunting Season

1/26/2019 Your License for Bug Hunting Season
What are we really talking about?
By W.carter - Own work, CC
BY-SA 4.0,
https://commons.wikimedia.
org/w/index.php?curid=3497
9655

Uncertainty FAQs
• How do I budget for a bug bounty?
• How do I know good hackers will test my apps?
• How do I know I’ll get good results?
1/26/2019 Your License for Bug Hunting Season
Top concerns for individuals looking into running a bug bounty program in next few years

Uncertainty: Results & Talent
• Crafting your Program:
– Program Type
• Public vs. Private
• Ongoing vs. On-Demand
1/26/2019 Your License for Bug Hunting Season
How are researchers invited to private programs?
measured by accuracy, activity, impact and trust

Uncertainty: Results & Talent
• Crafting your Program:
– Bounty Brief
• In-Scope & Out-of-Scope
• Rewards
• Rules
1/26/2019 Your License for Bug Hunting Season

Additional Uncertainties
• Budgeting
• Processes
• Getting internal buy-in
• Legal questions
1/26/2019 Your License for Bug Hunting Season

#1 Most Frequently Asked Question
What happens if a hacker
goes rogue?
• Logical
• Procedural
• Emotional
• Legal
1/26/2019 Your License for Bug Hunting Season
By YBS 999 (Own work) [CC BY-SA 4.0
(http://creativecommons.org/licenses/by-sa/4.0)], via Wikimedia
Commons

Additional Liability/Legal Concerns
• Contracts & NDAs
• Who has liability for loss of data/business assets?
• Personal liability?
• Who has jurisdiction?
1/26/2019 Your License for Bug Hunting Season

Questions?
casey@bugcrowd.com
jdenaro@cipherlawgroup.com

You don’t need a license for bug hunting season anymore. Bug bounty programs are becoming well established as a valuable tool in identifying vulnerabilities early. The Department of Defense has authorized its first bug bounty program, and many vendors are taking a fresh look. While the programs are highly effective, many questions remain about how to structure bug bounty programs to address the concerns that vendors and researchers have about controlling bug hunters, security and privacy, contractual issues with bug hunters, what happens if there is a rogue hacker in the crowd, and liability and compliance concerns. This presentation will cover the best practices for structuring effective bug bounty programs. Talk originally given at AppSecUSA 2016 | October 13, 2016

Essay On Solar Energy In India

Alison Parker

The document discusses different types of irony used in the novel Catch-22 by Joseph Heller. It provides the dictionary definition of irony as expressing the opposite of what is meant or an incongruity between actual and expected results. As an example, the document notes Heller writes that the character Yossarian was proud of helping build an officers club that he actually did not help build, illustrating unexpected results.

Hot Off the Press - Recent Cases & Decisions 2019

Financial Poise

Webinar Series: LEGAL ETHICS – BEST PRACTICES 2019 - WINTER/SPRING This webinar is for the lawyer- or anyone else- who wants to brush up on legal ethics in the business context. The panelists discuss recent and important case law in the area and explain how those decisions can have real word impact on the situations you may be involved in. Among others, the following ethical model rules are discussed: Rule 1.2-Scope of Representation and Allocation of Authority Between Client and Lawyer; Rule 1.7-Conflict of Interest: Current Clients; Rule 1.8-Conflict of Interest: Current Clients: Specific Rules; Rule 1.9-Duties to Former Client; and Rule 1.13-Organization as Client. View On Demand Webinar: https://www.financialpoise.com/financial-poise-webinars/recent-cases-decisions-2019/

Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...

Financial Poise

This document discusses responding to a data breach, including identifying if a breach has occurred, investigating the breach, containing the breach, fixing vulnerabilities, assembling a breach response team, and determining notification obligations. It provides an overview of steps to take in the first 24 hours of discovering a breach, such as securing premises, stopping additional data loss, and assessing risks. It also outlines some state-specific notification requirements, such as notifying various government agencies in Massachusetts and the Superintendent of Financial Services in New York within 72 hours of certain cybersecurity events.

Data Privacy & Security 101 (Series: One Hour Law School)

Financial Poise

Information technology systems are at the core of the way we live, work, and play; they impact virtually every aspect of our lives today, and businesses of all kinds are increasingly data driven. But businesses must understand and protect against the legal, business and reputational risks from actual or perceived misuse of such data. And they must navigate these waters in a world where data knows no boundaries, and in which governments and others apply differing standards and have carry differing expectations. Experts further warn (and sometimes daily news seems to suggest) that data breaches are inevitable, and businesses must plan for the operational, legal and reputational fallout of such events. Get up to speed with us on a topic that will continue to grow in importance in today’s data-driven marketplace. To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/data-privacy-security-2019/

Apa Format Example Paper

Tisha Noel

Blake Mycoskie and his sister participated in The Amazing Race, a reality TV show where pairs race around the world completing challenges in over 13 cities daily for 3 weeks. Blake started strong but struggled with physical challenges. Though he and his sister didn't win the million dollar prize, Blake gained global exposure that helped launch his successful shoe company TOMS which donates a pair of shoes for every pair sold.

International Science Essay Competition For High School Students

Kristen Farnsworth

Here is a rhetorical analysis of that sentence from Thoreau's speech: Thoreau uses very powerful and direct language in this sentence to make his point about resisting an unjust law like slavery. By saying "If one HONEST man...were actually to withdraw from this co partnership", he emphasizes the moral high ground of refusing to support slavery through taxes. Describing withdrawing from the "co partnership" of the government frames it as a business partnership one can leave. Saying the man would be "locked up in the country jail" vividly illustrates the penalty for dissent, evoking an image of unjust imprisonment. Using the specific location of "the country jail" in Massachusetts gives the scenario immediacy and realism.

Protecting Your Professional Reputation Online

Legal Media Matters

The Federal Corrupt Practices Act (“FCPA”) prohibits a U.S. company or person from bribing foreign government officials to obtain a business advantage. Along with this seemingly simple restriction comes accounting and record keeping requirements with which companies must comply. The FCPA requires the implementation of a compliance program which addresses FCPA concerns and establishes an FCPA corporate policy. This webinar covers the basics of the FCPA, including an introduction to the regulators, both the SEC and DOJ, and recent communications to the public regarding the FCPA from these regulatory bodies. The standards for a compliance program review is analyzed, including what makes a program current and effective as well as how often the program requires review. The role of a compliance coordinator is discussed, as is record keeping, training, and retaliation. Finally, meals and entertainment, gifts, travel, charitable contributions, and hiring are all discussed with reference to recent government actions and legal decisions. To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/foreign-corrupt-practices-act-2019/

Data Privacy Compliance (Series: Corporate & Regulatory Compliance Bootcamp)

Financial Poise

All levels of society rely upon information technology systems. Network operations are pervasive and impact nearly every aspect of our society. The desire of companies to collect, use, store, and secure information about customers, employees, and other individuals is a requirement of the new economy. It is no wonder that the prevalence of electronic communications and a growing dependency on cyber structures and operations also create potential vulnerabilities to cyberattacks. It is critical to preserve information systems and address and prevent weaknesses in cyber protection efforts. This webinar examines the means for companies to reach data goals ethically, efficiently and legally. Best practices and model comprehensive privacy and cybersecurity policies are discussed. And, data breach response and related litigation, including class action litigation issues and fiduciary duty violations under corporate law, are discussed. To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/data-privacy-compliance-2019/

Avoid Cross-Channel Message Fatigue

SparkPost

Brands are getting more personal, targeted, immediate, measurable and actionable with the right mobile messaging strategy. However, are they keeping up with their customers – and how much is too much? Webinar panelists Michael Boland, senior analyst and vice president of content at BIA/Kelsey, and Cindy Krum, founder/CEO of mobile marketing consultancy MobileMoxie, as well as Steve Dille, senior vice president of marketing at sponsor Message Systems, will offer insights and analysis on how brands can steer themselves clear of annoying consumers with mobile messages that do not resonate, are intrusive and overwhelm.

R2R Meeting 9 pdf

Rancho Bernardo Community Presbyterian Church

This document provides information about upcoming meetings and presentations related to recovery from wildfires in Southern California. It announces childcare availability for an upcoming R2R meeting, invites fire survivors and supporters to a supper event, and lists additional presentations on tax information and living with wildfire risk. It also notes that a local news station interviewed an insurance group about underinsurance and may film footage of an evening program. Breakout sessions with different insurance companies are scheduled after the main program until 9:30pm.

The industry response to ad blocking - Digiday WTF Ad Blocking NYC, 1/14/16

Digiday

This document discusses the rise of ad blocking and proposes principles to address it. It notes that 34% of U.S. adults now use ad blockers, mainly due to privacy/security concerns and poor user experience from ads. The digital ad supply chain has become bloated, slowing page loads and increasing vulnerabilities. The proposed L.E.A.N. principles aim to make ads lighter, more encrypted, privacy-respecting, and non-disruptive to improve the user experience and address what consumers want. The document outlines various work streams to implement the principles through standards, research, and education.

Writing Essays For College Applications. Online assignment writing service.

Jessica Cannella

The document discusses the importance of separating church and state in the United States to preserve individual freedoms. It notes that many of the early European colonists came to America to escape religious persecution in Europe. However, some states still enforced official state religions in the colonies. This led to conflicts and violence between different religious groups. The document argues that separating church and state ensures equality and allows people to freely practice their chosen religion without government interference.

The Farmers Agency Ownership Program Boise

finl873

The document discusses the Farmers Agency Ownership Program, which helps candidates start their own insurance and financial services agency. It outlines the process, including initial training, licensing requirements, costs, and compensation structure. Agents are paid commissions on renewals, and can expect to earn $500-$2000 monthly as a reserve agent and over $100,000 annually within 3 years as a career agent. The program provides tools, marketing support, and subsidies to help agents build a successful long-term business.

The farmers agency ownership program boise

finl873

The document discusses the Farmers Agency Ownership Program, which helps candidates start their own insurance and financial services agency. It outlines the process to become an agent, including initial training, licensing requirements, and costs. Agents are paid based on commissions from policy renewals. Successful agents can expect to earn $35,000-$50,000 in their first year, growing to over $100,000 by their third year as their book of business increases. The program provides tools and support to help agents build a profitable small business.

The farmers agency ownership program boise

finl873

The document discusses the Farmers Agency Ownership Program, which helps candidates start their own insurance and financial services agency. It outlines the benefits of becoming an agent such as earning commissions, building your own book of business over time, and potentially earning over $250,000 annually within 5 years. The process involves initial interviews, licensing exams, a reserve agent training period, and converting to a career agent within 2 years when financial assistance is provided. Upfront costs include licensing fees while as a reserve agent, a computer, cell phone and marketing are provided.

Buy University Essay

Jessica Edwards

This document outlines a comprehensive business governance plan for Bienvenidos, a nonprofit organization that provides services to children and families. It discusses the importance of establishing a governance plan to provide structure and guidelines for the board of directors as the organization grows. The plan will help Bienvenidos control decision making according to its mission to provide compassionate care and strengthen communities. It will also facilitate implementation of the plan if adopted by Bienvenidos' executive team.

The Intersection of IP & Bankruptcy (Series: Chapter 11 Potpourri)

Financial Poise

This document contains slides from a webinar presentation on intellectual property issues that arise in bankruptcy proceedings. It discusses various types of intellectual property like patents, copyrights, trademarks, and trade secrets. It then explains how executory contracts are treated under bankruptcy law, including the options to reject, assume, or assign contracts. The presentation focuses on key issues for intellectual property licenses, including the special protections for licensees of patents and copyrights if the licensor rejects the license. It notes areas of controversy around the rights of licensees after rejection and the assignability of licenses.

Writing - Jetpaper.Web.Fc2.Com. Online assignment writing service.

Rajee Dent

1. Heavy taxation by the British government: The British imposed taxes on the colonists through various acts like the Stamp Act and Tea Act without representation in Parliament. This led to unrest and protests among colonists who believed in "no taxation without representation." 2. Restriction of colonists' expansion: The British tried to restrict colonial expansion west of the Appalachian Mountains with the Proclamation of 1763 to protect Native American lands. This angered the colonists. 3. Desire for self-governance: The colonists increasingly wanted more autonomy and self-governance. They resented the control exerted by the British

Shocking Stats On Identity Theft In Canada And You Could Be One

Sue Carveth

Identity theft has become an epidemic and it's not a matter of who its just a matter of when.There are only 38 million in Canada and over 15 million breached just with Life Labs so if you have had any blood work you could be that 1 in 15 million and never know. Protect and empower you and your children for less than a dollar a day. We offer full restoration so all you need is to tap your App and a private investigator is assigned to you at no additional cost. More Info http://bit.ly/2HlnBXW

R2R Meeting 9 ppt

Rancho Bernardo Community Presbyterian Church

Unit 4 Responding to a Media Brief Sample Work

Graveney School

The document provides guidance and sample responses for a GCSE Media Studies assignment on developing a media campaign about social networking site security and personal privacy. Students are given a brief to create a two-part integrated campaign on promoting safe social networking practices. They must conduct research, develop ideas and treatments for two media forms, and produce the campaign deliverables. The portfolio and evaluation are individually assessed. Sample responses include a student presentation, storyboard, and pre-production materials that address the assignment requirements.

Essay On Joint Family System Is A Boon

Heather Lopez

The document provides instructions for creating an account and requesting writing assistance on the HelpWriting.net website. It outlines a 5-step process: 1) Create an account with an email and password. 2) Complete a 10-minute order form with instructions, sources, and deadline. 3) Review bids from writers and choose one based on qualifications. 4) Review the completed paper and authorize payment. 5) Request revisions until satisfied with the work.

R2R Meeting 16 pdf

Rancho Bernardo Community Presbyterian Church

This document provides information from a June 26, 2008 meeting for 2007 wildfire survivors in Rancho Bernardo, California. It discusses legal issues related to insurance claims, including requirements for insurers under California law regarding replacement cost payments for policyholders who want to purchase a new home rather than rebuild. The document also addresses issues like underinsurance, claim settlement offers, and the results of a survey on claim statuses. United Policyholders and other groups provided resources and support for survivors navigating the recovery process.

Crowdfunding and it’s benefit for funding real estate 2 a

Eddie Edwards

D.A. (Eddie) Edwards is a trained accountant and licensed real estate broker since 1989. He has experience as a mortgage broker and teaches real estate and mortgage courses. Edwards works with real estate professionals to obtain crowdfunding for their projects. He has authored books on crowdfunding and emotional intelligence for real estate investors. Edwards is involved in several real estate and speaker organizations. He maintains various online presences to provide information to real estate professionals and investors.

7 Bug Bounty Myths, BUSTED

bugcrowd

View this ondemand webinar here: https://pages.bugcrowd.com/7-bug-bounty-myths-busted-ondemand-webinar About the content: Despite thousands of large and small organizations running bug bounty programs, there is still a lot of fear and uncertainty about these in the cybersecurity community. In this recorded webinar we will explore 7 myths about Bug Bounty programs, the hackers who are involved, and the impact they are having on the security posture of organizations around the world. After viewing this presentation and ondemand webinar you will: 1. Learn if a bug bounty program is right for your organization 2. Understand if a bug bounty encourages hackers to attack your systems 3. Explore the real benefits of bug bounty programs – and find out if they actually work 4. Get insight on whether these programs are too hard and costly to manage

Create My Essay For Me Only Passions, Great Pass

Claudia Brown

Here are the key similarities and differences between the Edict of Milan and John R. Knipfing's essay about the edict: Similarities: - Both address religious freedom and tolerance in the Roman Empire. - Reference the Edict of Milan issued by Constantine and Licinius in 313 AD. Differences: - The Edict of Milan was the original document issued by Constantine and Licinius, while Knipfing's essay analyzes and discusses the edict. - The authors lived in very different time periods - Constantine and Licinius in the 300s AD, Knipfing in the 1800s-1900s AD. - The emperors issued the edict based on

Hack The Capitol - The Unlikely Romance - Critical Infrastructure Edition

AppSecUSA - Your License for Bug Hunting Season

Recommended

Recommended

More Related Content

Similar to AppSecUSA - Your License for Bug Hunting Season

Similar to AppSecUSA - Your License for Bug Hunting Season (20)

More from Casey Ellis

More from Casey Ellis (20)

Recently uploaded

Recently uploaded (20)

AppSecUSA - Your License for Bug Hunting Season

Editor's Notes