Episode 34: Program vs Hacker Debate
Aug 31, 2023
In this episode of a bug bounty podcast, the hosts stage a debate, with one side arguing for hackers and the other for program managers. They discuss topics such as disclosures, dupes, zero-day policy, payouts, budgets, triage, and retesting. They also touch on domains, transparency, bug severity ratings, budget allocation, retesting vulnerabilities, bug fix verification, the bug report handling process, promoting security, changing contracting models, and live hacking events.
Chapters
Introduction
00:00 • 2min
Attending Talks, COVID Experiences, and Prompt Injection Primer
01:45 • 7min
Discussion on Gunner Andrews' Talk at Recon Village and Jason Haddix's Bug Hunters Methodology Course
08:34 • 2min
Code Giveaway and Course Announcement on the Podcast's New Website
11:03 • 3min
Bug Bounty Hunting and Program Management
13:46 • 3min
The Role of Engineers in Domain Pointing
17:00 • 20min
The Importance of Transparency in Bug Bounty Programs
36:33 • 15min
Challenges and Improvements in Bug Bounty Programs
51:20 • 11min
Budget Allocation for Bug Bounty Programs
01:02:10 • 17min
Retesting Vulnerabilities in Bug Bounty Programs
01:18:57 • 4min
Bug Fix Verification and Ethical Considerations
01:22:50 • 21min
Bug Report Handling Process and Engineering Priorities
01:43:48 • 2min
Promoting Security as a Core Value
01:45:52 • 17min
Changing Contracting Models and Live Hacking Events
02:03:17 • 5min
The Conclusion and Reflections
02:07:58 • 3min