Daniel McMahon - Hey Everyone, Break Our Stuff - BSides Portland 2018

Daniel McMahon (@mcmahoniel) More and more companies are considering bug bounty programs, but intentionally opening up your organization to attackers isn’t always an easy proposition. Join me as I talk about the perils, pitfalls, and lessons learned from over two years of running a paid bug bounty program at a major SaaS company. Hear real-world stories of the types of bugs participating researchers have found and how their findings have influenced our company from security engineers, to our product team and beyond. Daniel is an Application Security Engineer on New Relic’s Product Security team, helping to manage their public Coordinated Disclosure program and specializing in black hoodies, Advanced Persistent APT Threats, and The Cyber.