Talk: Running a Bug Bounty Program @ SEEK

What would happen if we allowed 50 hackers from around the world to hack into our web applications? Is this a crazy idea? We don’t think so, as that’s exactly what we did and it was a great success!

It’s called a bug bounty program. It is quite a new concept in the industry, but it is gaining traction because it significantly reduces the cost of performing security testing on websites, increases the quality of bugs identified and provides a way to continuously test web apps! In this talk I will take you through an overview of how the program went, the lessons learnt and how this program fits into SEEK’s wider application security vision.