Loading…
← Back to schedule
[Virtual] PRO WORKSHOP: Bolster Your Bug Bounty – Code Search & Variant Analysis Techniques
Tuesday February 18, 2025 12:00pm - 12:50pm PST
VIRTUAL DeveloperWeek PRO STAGE
Milan Williams, Semgrep, Senior Product Manager
Austin Theriault, Semgrep, Software Engineer

With so many repositories, organizations can struggle to locate and remediate recurring insecure code patterns. In this talk, you will understand the fundamentals of bug bounty programs, their importance, and common inefficiencies. Attendees will learn how to perform variant analysis, refine searches to reduce false positives and find vulnerabilities quickly. By leveraging these techniques, security teams can identify and reuse previous findings, extending the impact of their bug bounty program and significantly reducing costs. This technical session also provides a detailed architectural overview of building an in-house code search engine, drawing from our own experience. We'll share our wins & woes through multiple iterations, lessons learned, and preferred technologies. Our session concludes with a practical end-to-end walkthrough of a sanitized bug bounty report. Join us to gain knowledge to implement these strategies and technologies in your own engineering practice. 
Speakers
avatar for Milan Williams

Milan Williams

Senior Product Manager, Semgrep
Milan Williams is a Senior Product Manager at Semgrep, where she helps security engineers and developers work together to ship secure software. She recently graduated from Harvard University with degrees in Computer Science and Physics. In her free time, you can find her running in... Read More →
avatar for Austin Theriault

Austin Theriault

Software Engineer, Semgrep
Tuesday February 18, 2025 12:00pm - 12:50pm PST
VIRTUAL DeveloperWeek PRO STAGE
  OpsWorld

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Share Modal

Share this link via

Or copy link