After two and a half years of running an outstanding bug bounty program with Bugcrowd, we’d like to shine a spotlight on one of our most engaged customers–Twilio.
Throughout October, November and December 2016, we challenged our crowd to submit bugs against some challenging targets–thick client applications. Previously we announced our October and November winners and today we’re excited to announce our final two winners:
[Update] Active attacks now include: MongoDB, Elasticsearch and Hadoop.
Two weeks ago the Internet was hit with the first in what has become a frightening trend of ransom attacks. This first attack affected fewer than 200 MongoDB installations and for the most part flew under the radar given the meager sum requested by the attacker (0.2 Bitcoins). However, this attack marked a significant shift in the ransom attack model, and just two weeks later we’re seeing a major escalation of this model and its impact.
Crowdcontrol’s vulnerability management platform now features the capability for customers to add customized fields that improve workflow experience. Customers can add up to five customized fields to a program’s submission form.
Customized fields allow customers to align the bug bounty management process with their application security and development workflows. For example, add a field to assign specific teams to submissions or to help communicate which version of the application the vulnerability affects.
At the close of 2016, we surveyed 100 CISOs and decision makers to get a sense of their 2017 security priorities. The full report will be released at a later date. In the meantime, you can learn more about a few of the top application security focus areas and challenges in this post.
We're excited to share that NETGEAR®, Inc. has launched a public bug bounty program with us to help them stay in front of the latest threats and improve the security of the company's products.
Bugcrowd is happy to announce a new update to Crowdcontrol’s user permissions that now provides customers a much more customizable experience. A company may now segment their team members’ roles to specific programs.
Today is the first day of another Consumer Electronics Show–CES. Launched 50 years ago, the show has been the place to see the latest gadgets, but over the last several years the scope of the show has grown. From cars to drones to personal fitness devices, the show once named for the consumer “electronics” it showcased now features all things consumer technology.
A few months ago we celebrated the launch of Okta's public bug bounty program after having run a private program for years. Today, we're taking a closer look at how their bug bounty program has influenced their application security program.