Dustin Childs

Bug bounty programs are nearly ubiquitous today, but that wasn't always the case. From their inception, bug bounty programs created controversy as they touch on the topics of vulnerability disclosure, vendor responsibility, and the greater good. Understanding the history of bug bounty programs starts with investigating the nature of vulnerability disclosure and how various disclosure policies impact both vendor servicing and enterprise patch strategies. It also requires an understanding of the exploit marketplace, the various entities purchasing bugs, and what happens to the bugs once reported.
Even if you don't participate in a bounty program, they impact you and the systems you defend. Bounty programs impact the exploit marketplace. Like any open market, various factors can spur changes in supply and demand, and bounty programs can shape what types of research either become public or find their way into an exploit kit. This presentation covers the current landscape of bounty programs and the winding, often controversial road that led us here. We also cover the vulnerability economy and the role bug bounties play in shaping the exploit marketplace. Finally, we'll show how effectively run programs have disrupted exploit usage in the wild.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast