Keep track of the latest security news, and stay in touch with the bounty community.

US Income Taxes and Bug Bounties

Ah, spring. Plants are awakening after the winter chill, days grow longer, and it's time to catch up on the latest reading of US income tax laws. If you are subject to paying US income taxes and bug bounties are a source of income for you, you’ll want to read up about the Internal Revenue Read article →

Bugcrowd Raises $6 Million In Series A Funding

We are thrilled to announce our recent round of Series A funding. Led by Costanoa Venture Capital, along with Rally Ventures, Paladin Capital Group and Blackbird Ventures, we’ve raised $6 Million, bringing us to a total of $9 Million since our founding in late 2012.

Western Union Announces Public Bug Bounty

After multiple breaches and millions of dollars in cleanup costs accrued in the financial sector during 2014, the financial services industry has risen to the top as the most targeted sector for data breaches.

[Figure: Number of 2014 Data Breaches grouped by Type of Target]

In this ever-evolving landscape of continual cyber threats, we at Bugcrowd are always on Read article →

Instructure launches Private Bug Bounty Program

Instructure has leveled up its security practices yet again – we’re now proud to announce the launch of their private bug bounty program. Instructure is the company behind Canvas, an open-source learning management system that is not only revolutionizing the way we educate, but progressing security standards as well. The company first engaged Bugcrowd in a Read article →

Increasing pen test results by 8x: The Instructure Story

Since 2011, Instructure has proactively publicized the results of their annual penetration test reports to provide transparency around the security of their learning management system. From 2011 to 2013, these pen tests discovered an average 7.6 valid vulnerabilities each year. For its most recent annual penetration test, Instructure engaged Bugcrowd in a private Flex program, Read article →

Guest Blog: Best Practices for Quality Bug Hunting by SatishB3

[Today I’d like to introduce you to Bugcrowd member Satish Bommisetty.  An author and professional security researcher, Satish has helped improve the application security of dozens of companies by reporting over 170 valid vulnerabilities through Bugcrowd. We are honored to share his thoughts on how bounty hunters can deliver high quality professional results and create a respectful security research community.  These are things that Read article →

Guest Blog: Validating Bugs to Improve Success by Archita

[Bugcrowd is a proud sponsor of Nullcon 2015, which is less than a week away!  While we are putting the finishing touches on our Bug Bash event, we want to introduce you to another of our outstanding Crowd members in India that will be on the ground helping all the Nullcon Bug Bash participants to have a Read article →

Nullcon 2015 Bug Bash in Goa, India

Bugcrowd is a proud sponsor of Nullcon 2015 which is rapidly approaching! We’re working with some of the best researchers from the Bugcrowd community to host a Bug Bash at Nullcon on February 7th. Meet and learn from some of the best researchers in the world, and compete to rise to the top of the Bug Read article →

Guest Blog: How to Kick Start in Bug Bounty by worldwideweb

[Bugcrowd is a proud sponsor of Nullcon 2015, which is rapidly approaching!  While we are hard at work preparing to host an awesome Bug Bash event, we want to introduce you to a few of our outstanding Crowd members in India that will be on the ground helping all the Nullcon Bug Bash participants to Read article →

Guest Blog: httpscreenshot – A Tool for Both Teams

[The Shmoocon presentations I recommended last week did not disappoint, and I’m excited to have the opportunity to share some of the great research I saw there with Bugcrowd customers and Crowd members. This tool released by Justin Kennedy and Steve Breen can be used by both Red Teams and Blue Teams. Enjoy! ~Kymberlee] Read article →