Keep track of the latest security news, and stay in touch with the bounty community.

Help Secure Drupal’s new Two-Factor Authentication

In conjunction with members of the Drupal Security Team, our friends at CARD.com have announced the addition of Two-Factor Authentication (2FA) to their bounty program. This same 2FA component is likely to be added for accounts on Drupal.org. By including it in their scope and providing additional guidance on how to test it, CARD.com is Read article →

DEFCON Bug Bounty Talks

Saturday at DEFCON 22 provided three great sessions on bug bounties and responsible disclosure. After their talk, we chatted with CISO Jake Kouns and Chief Research Officer Carsten Eiram of Risk Based Security to discuss their bug bounty hunter talk. Risk Based Security provides intelligence on security vulnerabilities, and was established in partnership with the Open Security Foundation. Want to learn Read article →

Competing for #1 Bugcrowd Security Researcher

This week, we announced that Bugcrowd has reached our 10,000 researcher milestone. To celebrate this awesome community, and to reward the elite few who have climbed to the top of the mountain, we’re bringing out our longest-standing #1 ranked Bugcrowd security researcher, known on the leaderboard as Bitquark, to Las Vegas to celebrate DEF Read article →

What 10K Security Researchers Means for You

Are you going to be at Black Hat or DEF CON? We’d be interested in meeting up! Our entire team will be there, so whether you are a researcher or interested in learning more about Bugcrowd, let us know. Bugcrowd has reached the milestone of acquiring 10,000 security researchers, who are helping secure companies such as Read article →

Introducing the Open Source Responsible Disclosure Framework

Bugcrowd has released an open source responsible disclosure policy, which anyone can access and use for free from Bugcrowd’s GitHub repository. This is part of an effort to help make responsible disclosure policies that provide legal protections for researchers a standard across the web. Created in collaboration with respected information security attorney Jim Denaro from Read article →

Dropcam launches Bugcrowd Security Program

Last month, Dropcam partnered with Bugcrowd to launch their responsible disclosure program. We’re now pleased to announce that the leaders in Wi-Fi video monitoring cameras have matured to a full-fledged bug bounty program today. Bug bounties provide better results in terms of researcher engagement and overall number of vulnerability submissions when compared to a typical responsible Read article →

A bug bounty on your terms: Introducing Flex Bounties

Today’s a big day for us and the crowdsourced security world. Bugcrowd is excited to announce Flex Bounty Programs, our time-boxed bug bounty security assessment that improves upon traditional penetration-testing results. Perhaps your team’s considered launching a bug bounty program, but isn’t yet ready to commit your resources to managing a continuous program. Or you’ve Read article →

6 Steps to Handling a Security Vulnerability Submission

Managing a security researcher who reports a vulnerability in your app can be a stress-free, streamlined process when proper steps are executed. By properly following 6 key guidelines, most of your vulnerability submission worries can be minimized. These steps will effectively prepare your team for the scenario of a hacker disclosing a vulnerability to your team. Read article →

Improve your bounty program with a Hall of Fame

Bug bounties allow security researchers to safely discover and report bugs in your application. Acknowledging researchers on your website via a Hall of Fame is a great way to thank them, a feature that Bugcrowd keeps updated automatically for its customers. Wait, what’s a Hall of Fame? A Hall of Fame lists security researchers who Read article →

Pinterest launches Bugcrowd disclosure program

Bugcrowd is excited to welcome social media powerhouse Pinterest as the newest addition to the Crowdcontrol platform! We’re partnering with Pinterest to provide triage for vulnerability submissions to their responsible disclosure program. Pinterest previously managed their responsible disclosure program in-house, and have decided to partner with Bugcrowd to review and validate all submissions. We’re happy Read article →