Bug bounties are booming, but what are they really accomplishing? The market for bugs and what cash incentives create may make organizations look busy and responsive when it comes to securing their products and services, but are we irrevocably choosing to create perverse global incentives? Has bug bounty virtue signaling won over real security improvement? Join a leading expert to explore tough, timely challenges.
Learning Objectives: 1: Explore if bounties are really helping or harmfully replacing strong basic security 2: Examine the overall labor market for security, and whether bug bounties are creating perverse incentives for extortion, and more bug hunters than bug fixers 3: Explore if NDAs legally protect hackers who accidentally or deliberately access protected classes of data