Well, nothing new, except that I am preparing for two presentations related to bug bounties for CzechTest and Good Requirements 2013. Much harder to present than to test, but I think it’s good to try to do public speaking and share ideas (not only keeping them for yourself). The presentations are not intended for experts in security, but are an introduction for software testers.
Another tip related to security bounties and halls of fame is to try sending anything, because good companies appreciate the effort even if you send something out of scope.
I heard Nokia gives a smartphone for useful bugs so you can try that too.
Again, I still promote bug bounties to testers. I think testers have the reflex to send useful security issues, even if they are not too familiar with security.
It’s still nice to be a bug hunter even if there are “colder” periods.
Lots of good testers don’t have that high an income and I think $500 per bug is worthwhile for spending a few hours in many countries.
If it’s called “security” that should not be intimidating. It’s a lot about creativity and not that much technical.
I wish I had known about bug bounties a few years ago, but it’s not too late anyway, so that’s why I am sharing and promoting this idea.
In testing there are not too many consultants to popularize it, for various reasons: this bug bounty idea is a relatively new thing, known consultants are not that technical, the field is seen as more separate than it should be, etc.
But I think it’s much better than to just be part of a blame culture at your workplace and maybe you can give it a thought.