Keep track of the latest security news and stay in touch with the bounty community.

Introducing the Open Source Responsible Disclosure Framework

Bugcrowd has released an open source responsible disclosure policy, which anyone can access and use for free from Bugcrowd’s GitHub repository. This is part of an effort to help make responsible disclosure policies that provide legal protections for researchers a standard across the web. Created in collaboration with respected information security attorney Jim Denaro from Read article →

Dropcam launches Bugcrowd Security Program

Last month, Dropcam partnered with Bugcrowd to launch their responsible disclosure program. We’re now pleased to announce that the leaders in Wi-Fi video monitoring cameras have matured to a full-fledged bug bounty program today. Bug bounties provide better results in terms of researcher engagement and overall number of vulnerability submissions when compared to a typical responsible Read article →

A bug bounty on your terms: Introducing Flex Bounties

Today’s a big day for us and the crowdsourced security world. Bugcrowd is excited to announce Flex Bounty Programs, our time-boxed bug bounty security assessment that improves upon traditional penetration-testing results. Perhaps your team’s considered launching a bug bounty program, but isn’t yet ready to commit your resources to managing a continuous program. Or you’ve Read article →

Improve your bounty program with a Hall of Fame

Bug bounties allow security researchers to safely discover and report bugs in your application. Acknowledging researchers on your website via a Hall of Fame is a great way to thank them, and it is a feature that Bugcrowd keeps updated automatically for its customers. Wait, what’s a Hall of Fame? A Hall of Fame lists security researchers who Read article →

Pinterest launches Bugcrowd disclosure program

Bugcrowd is excited to welcome social media powerhouse Pinterest as the newest addition to the Crowdcontrol platform! We’re partnering with Pinterest to provide triage for vulnerability submissions to their responsible disclosure program. Pinterest previously managed their responsible disclosure program in-house, and have decided to partner with Bugcrowd to review and validate all submissions. We’re happy Read article →

Covert Redirect and Known Issues

Recently, an application-layer vulnerability known as OAuth “Covert Redirect” was publicly disclosed and brought to mainstream attention. It was initially hailed in the media as another Heartbleed, and then quickly pooh-poohed as overhyped. The current debate seems to be around whether the issue is another Heartbleed. It is not. It lacks the impact and pervasiveness. Covert Redirect Read article →

Bug Bounties Drive Sales? OR Why Market Your Bug Bounty Program

I’m a sales guy through and through. I understand technical bits and how they translate to the business overall, but I don’t understand how a SQL Injection vulnerability makes databases spit out my bank account details or how a Cross Site Scripting bug can take over my browser. I know they’re bad and they shouldn’t Read article →

Heroku Launches a New Bug Bounty Program with Bugcrowd

We’re pleased to announce Heroku has joined forces with Bugcrowd to launch a bug bounty program! View their Bugcrowd bounty page here. We’re excited to partner with Heroku, providing them with an all-in-one bug bounty solution that allows them to focus on what’s important – the security of their platform and their customers. With the Read article →

Open Letter to Internet Users and Businesses: Help Us Test OpenSSL and Make the Internet Safer

Dear Internet Users, To skip directly to the Crowdtilt campaign: OpenSSL is the software that you rely on to keep you secure on the Internet. It’s everywhere, from banking websites to the router in your home, and it’s quite likely on the computer you’re sitting at right now. In April 2014, a vulnerability was disclosed Read article →

Heartbleed Dataset Collection

As sure as there are vulnerabilities as interesting and remotely exploitable (CVSS Exploitability Score: 10) as Heartbleed, there are security researchers who develop tools (a list of which you’ve helped us compile here) and use them to build incredibly insightful data sets. Here are a few Heartbleed datasets we were looking at today… If we’re missing anything Read article →