Explore the world of bug bounty programs and crowd-sourced security in this 44-minute conference talk from nullcon Goa 2013. Delve into the Mozilla bug bounty program, learning about its creation, successes, and challenges. Gain insights into the differences between bug bounty programs and the black market, understanding how these initiatives can combat the effects of illicit activities. Discover the unique aspects of Mozilla's program, which covers both client-side and website security for Firefox and the Mozilla Foundation. Examine the various types of bug bounty programs, their values, benefits, and potential concerns. Learn about the process of managing submissions, including the role of the Bugmatic Committee and Web Body Process. Analyze the results and cost breakdown of successful programs, and explore who typically submits bugs. By the end of this talk, acquire the knowledge needed to determine if a bug bounty program would benefit your organization and how to initiate one effectively.