Bug bounty programs are increasingly common in today's security organizations, and they can be of great value if implemented well. Before initiating your own bug bounty program, it's important to understand some do's and don'ts. \n\nToday Verizon Media operates one of the largest bug bounty programs, having paid out $5 million in bounties in 2018. This presentation is the first in a series that offers a glimpse into how Verizon Media has grown its successful program and offers best practices for organizations looking to start their own program or for those looking to optimize existing programs.

Certified by GAIC, NTISSI, PADI, and previously by the USSF, Chris Holt is constantly learning something new. As the Senior Bug Bounty Operations Lead at Verizon Media, he is responsible for the bug bounty program operations, development and growth including live hacking events. Previously, Chris worked on web, api and mobile mobile application penetration testing across many different types of products but currently is found operating the bug bounty program at Verizon Media.

Recorded at NolaCon 2019