Hacker v. Triage - Inside Bug Bounty Battleground
Richard Hyunho Im, Denis Smajlović
DEF CON 33 (backfill) · Day 1 · Main Stage
In the DEF CON talk "Hacker v. Triage - Inside Bug Bounty Battleground," security researcher Richard Hyunho Im and Principal Security Consultant Denis Smajlović delve into the often-strained relationship between external security researchers and the internal teams responsible for triaging and resolving vulnerabilities. The presentation offers a candid look at the "theory versus reality" of bug bounty programs, highlighting the common frustrations experienced by researchers due to slow responses, downplayed severities, and opaque communication, while also shedding light on the internal challenges faced by organizations trying to manage these programs effectively.
AI review
Competent, honest treatment of bug bounty program dysfunction from both sides of the table. The dual-perspective structure is genuinely useful, but this is operational wisdom, not research — and it belongs at a practitioner track, not a main stage.