Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore the complex dynamics between security researchers and vulnerability triagers in this 47-minute DEF CON 33 conference talk that examines the often contentious world of bug bounty programs. Learn from experienced bug bounty hacker Richard Hyunho Im and seasoned triage expert Denis Smajlović as they dissect challenging interactions from both perspectives, sharing real-world stories from high-stakes bounty scenarios including severity debates over Gmail aliasing vulnerabilities, unclear bug submissions, and controversial gray-area issues like Apple's BAC vulnerability rejection. Discover practical solutions for improving hacker-triager relationships through effective communication, clear business impact framing, and mutual respect. Gain insights into how researchers can strategically leverage bug bounty work beyond monetary rewards to enhance personal branding, build professional networks, and advance career opportunities. Master actionable strategies for clearer vulnerability reporting, effectively communicating severity assessments, navigating gray-area cases, and respectfully challenging triage decisions while learning how to transform the "bounty battleground" from a hostile environment into a collaborative space for growth, trust, and professional success within the cybersecurity community.
