

S1E03 - Bug Bounties
Welcome to the Boring AppSec Podcast! In Episode 3, we discuss all things bug bounties, from the researcher's side as well as the program owner's side. Enter at your own will, as we have a lot of hot takes.
References:
We will try and add information about all the references we make here. Please enter rabbit holes at will :)
1. Bug Bounty Platforms
   - Bugcrowd - https://www.bugcrowd.com/
   - HackerOne - https://www.hackerone.com/
   - Intigriti - https://www.intigriti.com/
   - Synack - https://www.synack.com/
2. Vulnerability Disclosure Process - https://www.cisa.gov/coordinated-vulnerability-disclosure-process
3. Google’s Project Zero vulnerability disclosure policy - https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html
4. CVSS Calculator - https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
5. Handling A Bug Bounty program From A Blue Team Perspective - https://www.youtube.com/watch?v=Vgy150R4bRw&t=0s
6. Consumer Bug Bounty Panel - https://www.youtube.com/watch?v=Y8X6pV7rdbA&t=0s
Contacting Anshuman
- LinkedIn: https://www.linkedin.com/in/anshumanbhartiya/
- Twitter: https://twitter.com/anshuman_bh
- Website: https://anshumanbhartiya.com/
- Instagram: https://www.instagram.com/anshuman.bhartiya/
- YouTube: https://www.youtube.com/@AnshumanBhartiya
Contacting Sandesh