Phew, August sure has been a busy month at Bugcrowd! This month we’ve launched a new researcher reputation system and a new app for customers, increased reward amounts for some of our top bounties, launched several new invite-only programs, and did this all while recovering from the fun and excitement of Black Hat, DEFCON & Read article →
After a successful Flex Bug Bounty with Bugcrowd, Dropbox is kicking off their ongoing public bounty program. While Bugcrowd is widely known for our programs on web applications, our private IoT and mobile bounties are quietly delivering great results to customers… In just two weeks of testing on Dropbox’s defined targets during May, the program Read article →
At DEFCON 23 this year we interviewed a few members of the Bugcrowd Researcher community, getting their impressions of DEFCON and gathering some tips & tricks for bug bounty hunters.
We are excited to announce that our Summer 2015 Release is here! A lot of hard work has been put into our product over the last few months and we are pretty excited about the impact it is already making with our customers. This release only includes changes for the customer/company side of the product. Read article →
Have you ever wondered how we measure Crowd performance? The first measure you probably think of is a researcher’s Rank, which is based on Kudos points.
The only way for a security team to effectively manage risk is vulnerability prioritization and management. There are many different prioritization models used across the industry that are based on vulnerability risk and impact. Without a clear prioritization model, how do you know what to fix first? Highest CVSS Score? FIFO? LIFO? Externally known issues? Whatever your prioritization Read article →
It is time for the July 2015 Hall of Fame, and this month we had an unusual situation. We ran an internal project for our Application Security Engineers, and jhaddix crushed it. But the performance bonus program is for the Crowd, not employees. As a result, in July we are awarding the 1st, 2nd, and 4th Read article →
Let me say clearly and upfront: As the founder of a company that manages a community of security researchers, I empathize with Mary Ann Davies’ frustrations… but I also strongly disagree with her approach. Let me also say: The security research community, both friendly and adversarial, doesn’t have a concept of “No, You Really Can’t” (The Read article →
Welcome to Bugcrowd’s 2015 Guide to Hacker Summer Camp, an overview of what we think folks should check out this week in Vegas. Our team is going to be quite busy this week, presenting six times across all three shows, as well as hosting several events throughout the week.
A lot of organizations out there are looking for talented hackers right now. Defense, offense, Ops, Dev, you name it: if you have skills, then someone is probably looking for you! The problem doesn’t seem to be the *need* but a concise way of finding/getting these positions. Here are a few notes and resources we love Read article →