S3 Ep19.5: How NOT to be a bug bounty hunter

Naked Security Podcast

English - February 12, 2021 13:42 - 16 minutes - 22.9 MB - ★★★★★ - 40 ratings
Technology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: S3 Ep19: Chrome zero-day, coffee hacking and Perl.com stolen

Next Episode: S3 Ep20: Corporate megahacking, true love gone bad, and tax grabs

In this special mini-episode, Paul Ducklin talks to Sophos cybersecurity expert Chester Wisniewski about bug bounty hunting.

How does bug bounty hunting work? What should you do if you get a bug report that doesn't follow established protocol? Chester tells you how to deal with so-called "beg bounties", where self-styled "experts" beg you for money or even threaten you with ill-defined "problems" they claim to have found.

https://news.sophos.com/have-a-domain-name-beg-bounty-hunters-may-be-on-their-way
https://nakedsecurity.sophos.com/beware-of-technical-experts-bombarding-you-with-bug-reports

Original music by Edith Mudge (https://www.edithmudge.com)

Got questions/suggestions/stories to share?
Email: [email protected]
Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Twitter Mentions

@nakedsecurity