Writing Vulnerability Reports that Maximize Your Bounty Payouts

Originally streamed Friday, April 1 at 10AM PDT

Kymberlee Price gives her talk "Writing Vuln Submissions that Maximize Your Payouts" which she originally presented at Nullcon 2016 during the "Bounty Craft" Track

This 30 minute talk discusses several critical steps to writing great vulnerability submissions that will speed up issue triage for the incident response team receiving your report (and result in higher bounty payouts).  Examples of common mistakes will be reviewed with real submissions received by Bugcrowd.

Key takeaways: 

  • What to look at when reading the bounty brief
  • How to communicate impact using the STRIDE model
  • How to verify findings and provide POC & attack scenarios


View the Slides


More Resources