


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

The State of Vulnerability Discovery - How Bug Bounties Are Actually Making a Difference

  • Friday, October 21, 2016 at 11:00 AM EDT (2016-10-21 15:00:00 UTC)
  • David Baker, Casey Ellis, John Pescatore


  • Bugcrowd




Bug bounty programs are moving from the realm of novelty towards becoming best practice.
While bug bounty programs have been used for over 20 years, widespread adoption by enterprise organizations has just begun to take off within the last few years. Bug bounty programs have increased 210% since 2013.*
Bug bounties provide an opportunity to level the cybersecurity playing field, strengthen the security of products, and cultivate a mutually rewarding relationship with the security researcher community.
Join Bugcrowd, SANS, and a customer panel as we discuss the momentum behind crowdsourced security.


  • What it's like to run a bug bounty program
  • By the numbers: The maturity of the bug bounty economy
  • Motivations of a hacker

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, running consulting groups at Trusted Information Systems and Entrust, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and surveillance systems and "the occasional ballistic armor installation." John has testified before Congress about cybersecurity, was named one of the 15 most-influential people in security in 2008 and is an NSA-certified cryptologic engineer.

Casey Ellis

As CEO and founder of Bugcrowd, Casey Ellis brings over 14 years of information security experience to lead the company's technology vision and strategic operation. Prior to Bugcrowd, he served as chief security officer at ScriptRock. A former penetration tester, Casey has taken on the role of "white hat" to connect organizations large and small with the power of Bugcrowd's platform for a revolutionary approach to cybersecurity. Casey has presented at several top security shows including Black Hat, DefCon, RSA, DerbyCon, BSides, Converge, SOURCE Conference and the AISA National Summit.

David Baker

Currently the CSO at Okta, David Baker is a proven information security professional with over 15 years of experience in computational research, information security and corporate information technology. He has solid experience in start-up business strategy, leadership, and growth. He is an active participant and contributor in the information security field, having presented at Agora, RSA, and to representatives of the White House, DOE, and DHS.
