Managing Bug Bounties @ Scale
Gabriel Nitu, Jay Dancer, PayPal, Ryan Nolette, Goshak
DEF CON 33 (backfill) · Day 1 · Main Stage
This DEF CON panel, "Managing Bug Bounties @ Scale," brings together industry leaders from major technology and financial companies—Splunk, Shopify, and PayPal, alongside an experienced former AWS security professional—to dissect the complexities of operating bug bounty programs for vast and diverse digital assets. Moderated by Joe Monet Carlo, the discussion transcends mere program administration, delving into the strategic, technical, and human elements essential for success in an ever-evolving threat landscape. The panelists share their hard-won lessons, candidly discussing the "nightmare" and "rewarding" aspects of balancing report volume with quality, fostering researcher relationships, and adapting to new challenges like the proliferation of AI-generated submissions.
AI review
A competent panel of practitioners from credible programs sharing honest operational experience — the AI-slop discussion and non-monetary incentive details have real utility for anyone standing up or scaling a program. But this is firmly a practitioner roundtable, not research, and it stays safely inside known territory without surfacing anything that would surprise an experienced VDP or bug bounty manager.