As Bug Bounty programs continue to mature and evolve, we're faced with a problem: How do we incentivize the right things, and how do we ensure that our incentives are fair and consistent? PayPal's program has had many iterations, and in this talk we'll go behind the scenes to see how we determine what award to set.

Pax Whitmore

Pax started working on PayPal's Bug Bounty program in 2016. Prior to this role, he was a penetration tester for the US Courts and a security engineer for a major registrar and hosting provider. Before starting his IT career a decade ago, he was a photographer and film reviewer. He will argue about CVSS and movies with equal delight.