SecAppDev 2025 lecture details
The Bug Bounty Effect: From DevSecOops to Success!
Discover how bug bounty programs outperform traditional AppSec tools by uncovering more vulnerabilities at lower cost. We share real-world examples, strategies, and challenging takes on conventional security practices.
Schedule TBD
Abstract
Since 2019, our organization has explored AppSec practices – from code scanning to dynamic testing – across the DevSecOps lifecycle. These methods often yield false positives or struggle to scale, resulting in more "DevSecOops" than actionable results. In contrast, our private bug bounty program consistently delivers. In this session, you will discover how bug bounties uncover more vulnerabilities at a fraction of the cost, learn from real-world examples, and hear spicy takes that challenge traditional AppSec advice. We will also tackle a few vulnerability challenges from past reports.
Key takeaway
Bug bounty programs are essential and should be the key ingredient in modern AppSec programs.
Content level
Deep-dive
Target audience
Developers, Security Engineers/Champions, Architects
Prerequisites
Bring a laptop if you want to solve vulnerability challenges!
Join us for SecAppDev. You will not regret it!
Grab your seat now
Emil Vaagland
Head of Product Security, Schibsted Marketplaces (soon to be Vend)
Expertise: Bug Bounty programs & Product Security
Related lectures
Reviewing 3rd party libraries security using Scorecards
Introductory lecture by Niels Tanis
We rely on 3rd party libraries, which results in security risks. OpenSSF’s Scorecard helps assess package security. This session explores its checks and additional insights to strengthen supply-chain security.
Key takeaway: Understanding how to leverage the OpenSSF Scorecard to review used 3rd party libraries more easily.
Using AI to write Secure React.JS code
Deep-dive lecture by Jim Manico
In this talk, we will explore the massive potential of AI in secure code creation. This session will discuss techniques that help AI code creation engines produce higher quality and more secure code.
Key takeaway: Actionable advice on using AI to generate secure code
Navigating the Security Landscape of Modern AI
Deep-dive lecture by Vera Rimmer
In this session, we will give an overview of the general security landscape of AI technologies, including foundational machine learning, deep learning, and large language models.
Key takeaway: Integrating AI inevitably increases the threat landscape of a system. Understanding how AI can be exploited is key to developing effective mitigations