This session will provide an overview of how a hyper-growth SaaS company transformed its product security program by engaging the worldwide community of independent security researchers through a private bug bounty program. Chuck Kesler, CISO of Pendo.io, will share how the program was launched, the value that it delivered, and the challenges that they encountered along the way. This session will be applicable to a wide range of organizations - SMBs and large enterprises can equally benefit from running bug bounty programs. The session will conclude with a summary of steps that attendees can take to launch their own program.

Learning Objectives:

• Understand the situations where an organization may benefit from having a bug bounty program and the benefits that an organization could realize from having a one
• Understand how to effectively engage with security researchers through a bug bounty program
• Understand the challenges that an organization may face in launching a bug bounty program, and how to address them