RVAsec 2017: Managing Crowdsourced Security Testing

This June at RVAsec 2017 I continued the discussion of metrics that reflect the effort spent on vuln discovery via crowdsourced models. It analyzes data from real-world bounty programs and pen tests in order to measure how time and money might both be invested wisely in finding vulns. Here are the slides for my presentation. We […]

An Event Mutates

This week I spoke again about evolving a bug bounty program. It was an iteration on A Mutation Event that I presented last month. In the spirit of my evolutionary metaphor, the content has been modified in its descent and adapted to the audience. The tweaks are both in presentation flow and in response to questions. I’ve also called out more clearly […]