Chris Cornutt

Application Security Engineer, Duo Security

Things I Wish I’d Known Before Starting a Bug Bounty

Bug bounties are all the rage these days. Companies both large and small are signing on and setting up a bounty for their products, awarding payouts to researchers for their contributions. Sounds perfect, right? There’s a lot more to setting up a successful bounty program than just announcing it to the world and waiting for submissions. Let me guide you through some of the basics of setting up a program, the things you’ll need in place before starting and some tips to help along the way.

Making a successful bug bounty program can be difficult if you’re not prepared. Come learn the skills you’ll need to be ready!

Chris Cornutt, Application Security Engineer, Duo Security

Chris has worked in web development and security in a wide range of industries over his career including public utilities, customer management, API management and server hosting. He is currently an Application Security Engineer for Duo Security and an active member of the PHP community.

He has spoken at conferences in the U.S. and Europe promoting secure development practices and writing secure code. He is the lead author on, the Securing PHP ebook series and other PHP publications. He’s also a co-organizer for the Dallas PHP User Group.

Become a Source Insider

Get promotions and special offers directly to your inbox.