Perhaps you’ve heard of companies launching bug bounties in the news, or are looking to improve upon your current security assessment tools and services. Incentivizing security researchers to responsibly report vulnerabilities they discover for a reward provides an extra layer of security via crowdsourcing. Heroku, Twilio, Pinterest, and Dropcam are a small sample of proactive companies utilizing Read article →
In celebration of the 10-year anniversary of the Argentine security conference, ekoparty, Bugcrowd is doubling our payouts for the bugs submitted during the conference. From now until 21:10 ART, Bugcrowd will pay out twice as much as the assigned reward money for the bug bounty program on our product. Check out our bounty page and Read article →
Bugcrowd is learning Spanish! We are going to Argentina for ekoparty this week, and we will be talking with Argentine researchers, so we wanted to make sure our FAQ was translated into Spanish as well. In addition, in an effort to grow the worldwide researcher talent base more accurately, Bugcrowd has begun making its platform more Read article →
We recommend our researchers read this guide as it provides answers to common questions regarding bounties, submissions, and all relevant facets of the Bugcrowd portal bounty system. Are you a security researcher? Sign up and begin hunting for vulnerabilities today! General Questions Why Bugcrowd? Since 2012, Bugcrowd has been making it easier to disclose Read article →
When submitting vulnerabilities via Bugcrowd’s Crowdcontrol platform, it’s important to ensure that you provide enough information for the vulnerability to be validated. Without this information, the submission may be delayed or incorrectly marked, resulting in issues with the submission process. Obviously this is something that affects both researchers and the bounty owner. Below we’ve Read article →
If you’ve been paying attention to your Bugcrowd researcher profile, you may have noticed it was recently updated with an Accuracy metric. Accuracy is a new measure of effectiveness we’ve rolled out across all profiles. It measures the ability of a researcher to identify and report vulnerabilities that are marked valid and eventually fixed. Below, Read article →
Today, Homeboy released their slick based battery-powered Wi-Fi cameras, which TechHive called what “could be the best home-security cameras yet”. What you probably haven’t heard is how Homeboy proactively tested the security of their cameras with 20 of Bugcrowd’s elite security researchers before launching. Bugcrowd security researcher Tobias Mccurry was one of the twenty that received a Homeboy camera before Read article →
CARD.com recently finished their campaign to help test Drupal 2FA authentication with their bug bounty program, which helped secure not only CARD.com, but the open-source Drupal community as well. We discussed the results with Greg Knaddison, Director of Engineering, and Matt Chapman, Sr. Open Source Platforms Engineer, at CARD.com. Greg is also an advisory board member (volunteer) Read article →
What if there was a way to engage the effectiveness, economics, resource availability and common-sense of crowdsourced security testing, without launching a public bug bounty program as they are commonly known today? What if we could deliver security testing where: You pay for results instead of effort, yielding up to 5x the number of vulnerabilities Read article →
We’re excited to have Blackphone and Silent Circle announce the launch of their bug bounty programs on our platform today. Privacy is a key concern for today’s smartphone owners, and Blackphone and Silent Circle are hitting this sentiment with their privacy-centric products and software. Having their bug bounty programs on our platform only furthers this Read article →