Today we published the third episode of our podcast series 'Big Bugs' hosted by me. In this episode, embedded in this post and available on SoundCloud, I am joined by special guest Adam Hartway of Digital Safety (DiSa) to explore a $15K bug uncovered in their winner-takes-all bug bounty program.
In early February Bugcrowd ran a CTF for its internal employees. The CTF was created and managed by our very own Director of Technical Operations, Jason Haddix. Haddix has been a part of many successful CTFs, both as a participant and organizer. He drew from his technical expertise and knowledge of hacker culture to make a fun and engaging CTF for Bugcrowd employees.
Putsi is #38 on the community leaderboard, with a 97.14% acceptance rate and an average bug priority of 3. Putsi just recently entered the top 40 on Bugcrowd and has had success with many private and public bounty programs on the platform.
Read below for our interview with Putsi and make sure to follow @Putsi on Twitter.
A few weeks ago we launched a very exciting program, and now that it’s well underway, we wanted to give a huge shout out to the awesome organization making it happen. The Open Web Application Security Project (OWASP) is not only the authority on most things application security but a phenomenal open source organization that is constantly trying new things, evolving and innovating the application security landscape.
Bugcrowd has always held education and sharing as a core value, which is why I’m very pleased to announce the release of our second annual State of Bug Bounty Report.
This 22-page document gives the reader an up-close and personal look at the evolving dynamics of the bug bounty market, and deeper insight into the early stages of the “unlikely romance” blossoming between hackers and organizations.
Nikaiw is #58 on the community leaderboard, with a 96.88% acceptance rate and an average bug priority of 2.37. Nikaiw has been on Bugcrowd for less than 6 months and in that time he's found 31 valid vulnerabilities, with 10 of those being P1s.
Read below for our interview with Nikaiw and make sure to follow @Nikaiw on Twitter.
Bugcrowd is excited to announce our May 2016 Hall of Fame winners! Big recognition goes to mert, who topped the May leaderboard with an astounding 786 points earned through multiple last-minute P1 and P2 submissions. To thank our top performers for their hard work, Bugcrowd is pleased to announce that the following three researchers will receive bonuses for their performance.
For me, one of the most enjoyable aspects of the security industry is the security community. The relationships I've been fortunate enough to build over the past couple of years have made this job very rewarding and, of course, a ton of fun. I recently had the chance to record a podcast discussion with Frans Rosen, founder of Detectify and active bug bounty hunter, to discuss our experiences in the security community:
This morning we released the second episode of our new podcast series 'Big Bugs' hosted by me. This episode, embedded in this post and available on SoundCloud, takes a look at the recently popularized bug, ImageTragick. I discuss the detection and remediation timeline of the widespread bug in the image processing suite, ImageMagick, as well as the implications it has for developers and researchers.