Episode 34: Program vs Hacker Debate

Critical Thinking - Bug Bounty Podcast - A podcast by Justin Gardner (Rhynorater) & Joel Margolis (teknogeek) - Thursdays

Episode 34: In this episode of Critical Thinking - Bug Bounty Podcast, Justin and Joel have both beaten COVID and now square off against each other in a mega-debate representing hackers and program managers respectively. Among the topics included are Disclosures, Dupes, Zero-Day Policy, payouts, budgets, Triage and Retesting. So, if you want blood-pumping, insult-hurling, opinion-invalidating debate…then maybe look somewhere else. But if a thought-provoking discussion about bug bounty is more your style, then take a seat and get ready!

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: [email protected]

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

Prompt Injection Primer for Engineers
https://twitter.com/rez0__/status/1695078576104833291

Portswigger on XSS
https://twitter.com/PortSwiggerRes/status/1691812241375424983

Gunnar Andrews talk
https://www.youtube.com/watch?v=aaDe1ADh5KM

Jhaddix live training Giveaway
https://tbhmlive.com/ctbb.show/giveaway

New Website
ctbb.show

Fight music composed by Dayn Leonardson
https://www.daynleo.com/

Timestamps:

(00:00:00) Introduction
(00:02:00) Joel's DEFCON Recap
(00:04:45) Prompt Injection Primer for Engineers by Rez0
(00:07:00) Portswigger Research and XSS
(00:08:36) Gunnar Andrews' talk on serverless architecture
(00:10:10) 'Bug Hunter Methodology' Course Giveaway

The Debate

(00:13:34) Zero-Day Policy and Payment for Vulnerabilities
(00:25:40) Disclosure
(00:33:52) Dupes
(00:51:23) CVSS
(01:02:25) Budgets and Payouts
(01:15:00) Triage and Retesting
(01:34:55) Withholding Reports
(01:41:50) Root Cause Analysis
(01:52:25) Interacting with hacker reports from a security standpoint
(01:58:50) Internal Activity on a Report
(02:01:15) Cost of running Bug Bounty Programs and LHEs