Bug Bounty Programs and Responsible Vulnerability Disclosure

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | RSS

TechSpective Podcast Episode 115

Adibe has worked with security researchers and managed a vulnerability disclosure or bug bounty program for years. It now has an invite-only Adobe-VIP Bug Bounty program as well, though–granting broader and early access to select researchers to help guide and secure Adobe products.

A recent blog post announcing the Adobe-VIP program explains, “The Adobe-VIP private bug bounty program is maintained by our Product Security Incident Response Team (PSIRT) and is designed for engagement with security researchers who are eager to work more closely with our teams to proactively identify and quickly resolve issues that could impact Adobe and our customers. The private bug bounty program offers rewards to researchers who successfully detect and report exploitable vulnerabilities to Adobe.”

Dan Ventura, Manager of the Product Security Incident Response Team (PSIRT) at Adobe, joins this episode to talk about bug bounty programs and vulnerability disclosure, and provide some details and insight into the Adobe-VIP program. We also get into some of the ethical intricacies of bug bounty programs and the role of freelance security researchers.

Check out the full episode for more on responsible vulnerability disclosure. The podcast itself is audio-only, but the video of our conversation is also available on YouTube if you prefer:

Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform and share the podcast with your peers and friends.

If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes or wherever you listen.