Premiere: 4/16 14:40 - 15:10
Replays: 4/16 20:40 - 21:10, 4/17 02:40 - 03:10
Bug bounty programs are a double-edged sword. Done right, they uncover critical vulnerabilities before attackers do. Done wrong, they create noise, drain resources, and even introduce new security risks. So how do you build a bug bounty program that actually works?
Drawing from my experience running Vietnam’s first and largest bug bounty platform, this session will cut through the theory and dive into the real-world lessons of designing, securing, and scaling a successful program. We’ll cover:
1. Program Design: How to define scope, set fair rewards, and attract serious security researchers - not just low-effort spam.
2. Vulnerability Handling: Triage strategies to separate signal from noise, manage false positives, and deal with duplicate reports effectively.
3. Operational Security Risks: How to prevent abuse, secure your own bug bounty infrastructure, and avoid becoming a target yourself.
4. The Human Factor: What motivates researchers, how to build trust, and why community management is just as important as technical execution.
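The scope and triage points above (items 1 and 2) are where most of the noise in a program is either created or absorbed, so here is a small worked illustration of the mechanics. This is an added example, not code from the talk or from any bug bounty platform: the scope rules, the vulnerability-class aliases, the `Report` shape and the sample submissions are all constructed for illustration. It does two things a triage queue needs before a human looks at a report: reject hosts outside the published scope (including lookalike domains), and compute a fingerprint from the normalized target and vulnerability class so that the same bug reported under different URLs, casing or labels surfaces as a candidate duplicate.

```python
"""Intake triage for a bug bounty queue: scope check plus duplicate fingerprinting.

Added example; scope policy, class aliases and sample reports are constructed.
"""
import hashlib
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed scope policy. Wildcards cover subdomains; exclusions win over inclusions
# (e.g. a marketing blog hosted by a third party that the program does not own).
IN_SCOPE = ("*.example.com", "api.example.net")
OUT_OF_SCOPE = ("blog.example.com",)


@dataclass(frozen=True)
class Report:
    report_id: str
    url: str          # URL the researcher reported against
    vuln_class: str   # free-text label chosen by the researcher
    parameter: str = ""  # affected parameter, if any


def host_matches(host: str, pattern: str) -> bool:
    """Exact or '*.' wildcard match; never a bare suffix match, so
    example.com.evil.org does not satisfy *.example.com."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        base = pattern[2:]
        return host == base or host.endswith("." + base)
    return host == pattern


def in_scope(url: str) -> bool:
    host = urlsplit(url).hostname or ""
    if any(host_matches(host, p) for p in OUT_OF_SCOPE):
        return False
    return any(host_matches(host, p) for p in IN_SCOPE)


# Aliases are written in the same normalized form normalize_class() produces
# (lowercase, punctuation collapsed to spaces).
_CLASS_ALIASES = {
    "cross site scripting": "xss", "xss": "xss",
    "sql injection": "sqli", "sqli": "sqli",
    "insecure direct object reference": "idor", "idor": "idor",
}


def normalize_class(label: str) -> str:
    """Map researcher labels like 'Reflected XSS' or 'Cross-Site Scripting' to one key."""
    key = re.sub(r"[^a-z ]", " ", label.lower())
    key = re.sub(r"\s+", " ", key).strip()
    for alias, canonical in _CLASS_ALIASES.items():
        if alias in key:
            return canonical
    return key.replace(" ", "_") or "unclassified"


# Path segments that look like record identifiers (numeric, long hex, UUID) are
# collapsed, so /users/1042/profile and /users/7/profile fingerprint identically.
_ID_SEGMENT = re.compile(r"^(\d+|[0-9a-f]{8,}|[0-9a-f-]{36})$")


def normalize_path(path: str) -> str:
    segments = [s for s in path.lower().split("/") if s]
    return "/" + "/".join("{id}" if _ID_SEGMENT.match(s) else s for s in segments)


def fingerprint(report: Report) -> str:
    parts = urlsplit(report.url)
    host = (parts.hostname or "").lower()
    key = "|".join([host, normalize_path(parts.path),
                    normalize_class(report.vuln_class), report.parameter.lower()])
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def triage(reports):
    """Return (report_id, decision) pairs; decisions are
    'out_of_scope', 'new' or 'duplicate_of:<earlier report id>'."""
    first_seen = {}
    decisions = []
    for r in reports:
        if not in_scope(r.url):
            decisions.append((r.report_id, "out_of_scope"))
            continue
        fp = fingerprint(r)
        if fp in first_seen:
            decisions.append((r.report_id, f"duplicate_of:{first_seen[fp]}"))
        else:
            first_seen[fp] = r.report_id
            decisions.append((r.report_id, "new"))
    return decisions


# Constructed sample submissions, in arrival order.
SAMPLE_REPORTS = [
    Report("R1", "https://app.example.com/users/1042/profile?name=<script>", "Reflected XSS", "name"),
    Report("R2", "https://APP.example.com/users/7/profile/?name=x", "cross-site scripting", "Name"),
    Report("R3", "https://blog.example.com/?s=<img>", "XSS", "s"),
    Report("R4", "https://api.example.net/v1/orders/55", "IDOR", ""),
    Report("R5", "https://example.com.evil.org/login", "SQL Injection", "user"),
]

if __name__ == "__main__":
    for report_id, decision in triage(SAMPLE_REPORTS):
        print(report_id, decision)
```

The fingerprint marks a report as a *candidate* duplicate for the triager, not as closed: two findings that collapse to the same host, path shape and class can still have different root causes, and auto-closing one of them as a dupe is exactly the kind of decision that costs a program researcher trust. The wildcard matcher is deliberately strict about the dot boundary, since a suffix check would wave lookalike domains into scope.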
We'll also discuss hard lessons learned, like how to handle rogue submissions and why transparency can make or break your program.
By the end of this talk, you’ll walk away with a practical, tested framework for building a bug bounty program that is secure, efficient, and actually useful - whether you’re starting from scratch or improving an existing initiative.
TOPIC / TRACK
CYBERSEC GLOBAL 2025: United as One
LEVEL
General
General sessions explore new cybersecurity knowledge and non-technical topics, ideal for those with limited or no prior cybersecurity knowledge.
SESSION TYPE
Live Stream Session
LANGUAGE
English
SUBTOPIC
Bug Bounty
Hackers & Threats
Vulnerability Management