Meet the Hackers Powering the World’s Best Bug Bounty Programs

Adam Bacchus, Chief Bounty Officer

Lauren Koszarek, Dir. of Communications

Upload: hackerone

Post on 15-Apr-2017


TRANSCRIPT

Page 1: Meet the hackers powering the world's best bug bounty programs

MEET THE HACKERS POWERING THE WORLD’S BEST BUG BOUNTY PROGRAMS

Adam Bacchus, Chief Bounty Officer

Lauren Koszarek, Dir. of Communications

Page 2

Adam Bacchus serves as Chief Bounty Officer at HackerOne. Previously Adam was a member of Snapchat’s security team. Before Snapchat, Adam was on Google’s security team where he helped run Google’s penetration testing and bug bounty programs. Adam’s previous experience includes four years of security consulting, primarily in application and network pentesting.

@sushihack

Lauren Koszarek is the Director of Communication at HackerOne. Previously Lauren was a Security Communications Strategist for Blackberry. Lauren has experience driving proactive and reactive communications for brands including Microsoft Trustworthy Computing, T-Mobile and HTC, among others.

@LKozz

Adam Bacchus

Lauren Koszarek

Page 3

Today’s Agenda

● Hacking scalability
● Hacker survey data
● Hacker profiles
● 4 Reasons to work with hackers
● Q&A

Page 4

Bug Bounty 101

HackerOne is the world’s #1 bug bounty platform

Page 5

Strength in Numbers

Not even the strongest or most skilled organizations have the headcount and capacity to avert system vulnerabilities on their own.

Page 8

Strength in Numbers

Security experts in your organization

Security experts among all your vendors and contractors

80,000+ white hat hackers on HackerOne

Page 9

Strength in Numbers

80,000 hackers strong

$10,000,000+ earned in bounties

32,000+ vulnerabilities resolved

600+ customers

Page 10

Who Are These Hackers?

/ha–ker/: One who enjoys the intellectual challenge of creatively overcoming limitations. - MIT

Hackers ARE: Problem-solvers, Curious, Technically skilled, Diverse in background and education

Hackers are NOT: Criminals. Using their skills for a malicious purpose

Page 11

Where in the world?

Page 16

Not all hackers are created equal

Page 17

Hacker Profiles

Page 18

Hacker Profile: meals

Sean Melia | 26 years old | U.S.A.

● Pentesting 4+ years
● Bug bounties 2+ years
● Found 570+ bugs

“Bug bounties have changed my life significantly. I've been able to purchase a house as well as go on trips and purchase nice gifts for my family and girlfriend.”

Page 19

Hacker Profile: nnwakelam

Nathaniel Wakelam | 21 years old | Australia

● Self-taught bug hunter
● Bug bounties 3+ years
● Helped GM, Snapchat, Yahoo, Uber and Adobe find 372+ bugs
● Uses bounties to fund his charity Hackers helping hackers

‘Bug bounties have given me cash money, skills, sent me around the world, and I've forged some lifelong friendships due to taking part in them’

Page 20

Hacker Profile: mlitchfield

Mark Litchfield | U.S.A.

● Hacking since ‘99
● 1st hacker to earn $500k+ on H1
● Helped Dropbox, Uber, Shopify and many more resolve 450+ bugs

Mark chooses which bug bounty programs to work on based on “How well do they respond, how quick do they fix / pay.”

Page 21

4 reasons to work with hackers

Page 22

1. Hackers Gonna Hack

Page 23

2. Enhanced Public Image

Page 24

3. “Always On” vs. “Point in Time”

Page 25

4. Find and Improve Gaps in SDLC

Page 27

Thank [email protected]