This course covers the learning outcomes and goals of bug bounty programs, including the nature of disclosure, vendor-agnostic bounty programs, exploit intelligence marketplace, and lessons from hacking team leaks. The course teaches individual skills such as understanding bug bounty as a service, vulnerability brokers, and the benefits to researchers. The teaching method includes oral history, real-world examples, and case studies. The intended audience for this course is individuals interested in cybersecurity, bug bounty programs, and vulnerability research.
Overview
Syllabus
Intro
A bit about me
The Nature of Disclosure
Rain Forest Policy (RFPolicy)
The Trustworthy Computing Memo
Disclosure Drives Action
Remember Netscape?
Vendor Agnostic Bounty Programs
How vendor agnostic bounties work
Bug Bounty as a Service (BBaaS)
Evolving Marketplace
Exploit Intelligence Marketplace
Economy in Action
Lessons from Hacking Team Leak
How to Get Oday: Vulnerability Brokers
Bounty Programs Killing Exploits
Beyond Just Security Patches
Living in the Shadow Brokers Reality
Killing NSA's Tailored Access Operation exploits
Shades of Stuxnet
Killing CIA's Closed Network Infiltration Tool
Pwn2own Inspired Improvements
Benefits to Researchers
Conclusion
Related Courses
-
Does Public Disclosure of Vulnerabilities Affect Hacker Participation in Bug Bounty Programs?
-
Decoding Bug Bounty Programs - Jon Rose
-
From Bounties to Bureaucracy - The Hidden Market Factors of Exploit Economics
-
Green Sprouts - Encouraging Signs of Life from the Department of Defense's Security Strategy - Lisa Wiswell - USENIX Enigma Conference - 2017
-
Bug Bounty Programs - Successfully Controlling Complexity and Perpetual Temptation
-
Vulnerability Disclosure Policies - Hack Responsibly
