Today I attended a webinar hosted by EH.net: Bug Hunting as a Second Income with guest Jason Haddix, VP of Trust and Security at Bugcrowd, Inc.
When most think of selling bugs, they have visions of the underground hacking scene populated by nefarious characters using their 0-days for illegal activity. But what if you could get in on the bug hunting action without the worry of law enforcement? You can now!
Companies not only use 3rd party software that has bugs, but more and more they also have their own proprietary or custom code that most certainly has bugs. The new-school world of “bug bounty” has incentivized a whole new hacking scene, where companies can take advantage of white hat hackers to find these bugs for fame and nominal rewards. Companies are starting to learn it’s much cheaper to find them from internet-do-gooders than from a massive breach and before they have to pay crypto-currency to criminals.
It’s a seller’s market out there! In 2017, the CVE saw an increase of more than 128% from 2016. For 2018, the upward trend is already continuing. How do you get in on the action? Jason Haddix, VP at Bugcrowd, will give you the insider’s view of how it’s done.
Agenda for “Bug Hunting as a Second Income”
Intro by Don Donzal, EH-Net Editor-in-Chief
Preso by Jason Haddix
Bio
Bug Hunting 101 – Know your skillset
The common journey, web applications
The great equalizer, reporting
Focus – Best bang for the bug
Path to success
Q&A
Post Game in EH-Net in the new “Bug Hunting” Group
Jason Haddix, VP of Trust and Security at Bugcrowd, Inc.
I am passionate about information security. Not only is security my career focus but it’s my hobby. I absolutely love my job.
In my previous role as Director of Penetration Testing I led efforts on matters of information security consulting. The gamut stretched from developing test plans for Fortune 100 companies to competing in “bake-offs” to win business against other top tier consulting vendors.
In my current role I serve as the Director of our Application Security Engineers and Technical Operations. This means I am an extension of (and advisor to) over 300+ security programs across many industry verticals. Under my direction, my team has triaged over 15,000 vulnerabilities this year alone. We also strive to keep the relationship between vulnerability researcher and customer a good one.
While I never call myself a “master” of anything, I do have a very particular set of skills; skills I have acquired over a very long career. These skills make me adept at getting business, finding security vulnerabilities, and eventually leading a customer to a better security posture.