Bug Bounty: Under the Hood
We've all heard about Bug Bounty programs, and they are becoming far more widely accepted as a standard industry tool. But what happens when a bug is submitted? Get an insider's perspective from PayPal's Bug Bounty program, including triage and risk decisions, the internal process and debates, and the challenges of communication. We also discuss the ethical considerations of running a program, the future of Bug Bounties, and, of course, our favorite war stories.
Ray Duran manages PayPal's Bug Bounty program. He has over five years of security experience, working in PKI, malware analysis, digital crimes, bug bounty, penetration testing, and root cause analysis.
Pax Whitmore is the lead engineer for PayPal's Bug Bounty program, focusing on mobile and web applications. In his career as a security analyst and penetration tester, Pax has worked for major corporations and government agencies, performing malware analysis, security auditing, and blackbox testing.
Mitchell Poortinga manages the Penetration Testing team at PayPal. He previously worked as a penetration tester and consultant for Fortune 500 companies and SMBs, with 10+ years of experience.