Description

Total length of the course: <1 hour

Vulnerabilities are the raw material of both cyber offence and defence, and understanding them is fundamental to understanding cybersecurity. In this conversation, we start from the ground up: what vulnerabilities and exploits actually are, how researchers find and prove them, and why some are worth far more than others. From there, we explore how bug bounty programs work, what organizations get wrong when running them, and what decades of experience, including inside government, reveal about turning vulnerability disclosure into something that actually improves security.

Content details

What is a vulnerability, and how is it different from an exploit?
How do you find a vulnerability?
How do you prove a vulnerability exists?
What is an exploit ‘primitive’?
What are the main classes of vulnerability you see today?
Why are some vulnerabilities more valuable than others?
What is a bug bounty program and how does it work?
How do organizations decide how much to pay for a bug?
What did you learn from running a bug bounty inside government?
Should every government have a bug bounty program?