AtlSecCon 2022 has ended
Back To Schedule
Thursday, April 7 • 10:45 - 11:30
Responsible Disclosures - The Good, The Bad, and The Beg Bounties

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Responsible disclosure programs are a key part of any company's information security program, they allow safe harbour for researchers, hackers, and the general public to contact you without fear of reprisal. They can be a wealth of free information on the security of your company and their products but also a endless pit of false information, low level vulnerabilities, and people begging for money.  

In 2018 I helped my company (a Fortune 1000 medical device and informatics company) start their first responsible disclosure program, in the 4 years since this we have learned a wealth of information about how to run, and not to run a program of this. Today I would like to talk to you about this very process and how you can start, or grow a program at your company. We are going to discuss what a program is and why to have one, the concept of rewards, how to advertise your program and how to manage incoming vulnerabilities as well what to look out for along the way.


Hayden Stephenson

Security Engineer, ResMed
Hayden is a Security Engineer working with the largest network of connected medical devices in the world. In this role Hayden focuses on establishing  solutions that ensure globally distributed teams can easily achieve security fundamentals and best practices.
avatar for Jeff Hann

Jeff Hann

Senior Security Engineer, ResMed
Jeff has been an application security engineer for 4 years, and before that in development for another 10. He has helped his company grow many programs for overall security including a champions program, responsible disclosure, penetration testing and training.  

Thursday April 7, 2022 10:45 - 11:30 ADT
Track 3 - Summit Suite - Room 608/609