Today I attended a webinar hosted by Bug Hunting as a Second  Income with guest Jason Haddix, VP of Trust and Security at Bugcrowd,  Inc.


When most think of selling bugs, they have visions of the  underground hacking scene populated by nefarious characters using their  0-days for illegal activity. But what if you could get in on the bug  hunting action without the worry of law enforcement? You can now!

Companies not only use 3rd party software that has bugs, but more  and more they also have their own proprietary or custom code that most  certainly has bugs. The new-school world of “bug bounty” has  incentivized a whole new hacking scene, where companies can take  advantage of white hat hackers to find these bugs for fame and noJason  Haddix, VP of Trust and Security at Bugcrowd, Inc.minal rewards.  Companies are starting to learn it’s much cheaper to find them from  internet-do-gooders than from a massive breach and before they have to  pay crypto-currency to criminals.

It’s a seller’s market out there! In 2017, the CVE saw an increase  of more than 128% from 2016. For 2018, the upward trend is already  continuing. How do you get in on the action? Jason Haddix, VP at  Bugcrowd, will give you the insider’s view of how it’s done. Agenda for “Bug Hunting as a Second Income”

   Intro by Don Donzal, EH-Net Editor-in-Chief
    Preso by Jason Haddix
        Bug Hunting 101 – Know your skillset
        The common journey, web applications
        The great equalizer, reporting
        Focus – Best bang for the bug
        Path to success
    Post Game in EH-Net in the new “Bug Hunting” Group

Jason Haddix, VP of Trust and Security at Bugcrowd, Inc.

I am passionate about information security. Not only is security my career focus but it’s my hobby. I absolutely love my job.

In my previous role as Director of Penetration Testing I led  efforts on matters of information security consulting. The gamut  stretched from developing test plans for Fortune 100 companies to  competing in “bake-offs” to win business against other top tier  consulting vendors.

In my current role I serve as the Director of our Application  Security Engineers and Technical Operations. This means I am an  extension of (and advisor to) over 300+ security programs across many  industry verticals. Under my direction, my team has triaged over 15,000  vulnerabilities this year alone. We also strive to keep the relationship  between vulnerability researcher and customer a good one.

While I never call myself a “master” of anything, I do have a very  particular set of skills; skills I have acquired over a very long  career. These skills make me adept at getting business, finding security  vulnerabilities, and eventually leading a customer to a better security  posture.