Hi This is Urgent PLZ Fix ASAP: Critical Vulnerabilities and Bug Bounty Programs

by Kymberlee Price
Sept. 18, 2017 | Black Hat | Pen Testing & Audits

No More Free Bugs led to Bug Bounties, but some people believe that bug bounty hunters are low-quality script kiddies and that the most talented researchers aren't participating. The emergence of bug bounty programs is increasing the volume of vulnerability submissions, but how many of those could have been found by running an automated scanning tool? Are any really critical bugs being found in the sea of clickjacking and weak-password-policy reports? How do you separate the signal from the noise, and more importantly, how do you shift the balance of bug reports toward more signal and less noise overall? In this presentation we will discuss several highly critical vulnerabilities that have been uncovered through a variety of bug bounty programs and their impact on the affected customers. With participation from researchers and vendors, attendees will not only see some sweet vulnerabilities broken down, but also learn why wading through another submission from @CluelessSec might be worth it.


Steven Ulm 8 months ago

This presentation is more like a warning sign to all security users. The problem is real.