[Owasp-boston] OWASP RI: Bug Bounties! July 17

Patrick Laverty patrick.laverty at owasp.org
Tue Jun 26 14:52:11 UTC 2018

We are back! Sorry for the long, long layoff. But we have Bryan Brannigan
of Upserve to talk to us about the bug bounty program he developed. A
description is below.

I'd love to have more content too. Do you have something you should show in
10 minutes? Nothing big, just a quick explainer or demo? Want to show
people what is XXE? What is a typical Angular template bypass? Anything
would be cool! Or if you have something longer, we can schedule a meeting
for just that! If you have an idea that might not be appsec, we also have
the Defcon401 meeting group that can do things like that too! So let's hear
'em. These groups stay alive and are valuable because of you, the speakers
and the attendees.

Ok, here's the details on the next OWASP RI meeting:

Tuesday, July 17, 6:30 pm, 10 Dorrance St. in Providence, at Upserve.

Bug bounties are a marketplace and like all marketplaces, there are good
sellers (researchers) and buyers (programs), and there bad sellers and
buyers. There are resources everywhere to help researchers get going in
this exciting world of bug hunting, but there are few resources available
to help those running programs. But it is far worse to be a bad program
than it is to be a bad researcher. Let's have a conversation about how
Upserve went from no bounty program to launching a public program (and
beyond!). We'll talk about the speedbumps and the lessons learned along the
way. And you'll learn about how managing a successful bug bounty program is
more about managing expectations and clear communication then it is about
fixing security bugs.

Please RSVP at

We will see you there!!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-boston/attachments/20180626/d2e078d3/attachment.html>

More information about the Owasp-boston mailing list