Keep track of the latest security news, and stay in touch with the bounty community.

Bugcrowd is Enterprise Ready

Not all businesses are the same and Bugcrowd recognizes this. From our experience working in the enterprise, for the enterprise, selling to the enterprise and supporting offerings in the enterprise, we know that the needs of the enterprise are unique. Our flagship product, Crowdcontrol, has evolved to meet those needs. From the start it has …

Researcher Interview: Fredrik “Almroot” Almroth

We’re joined by Fredrik “Almroot” Almroth, a Bugcrowd community member and highly skilled security researcher. Fredrik has been active in bug bounties since 2010, when he found his first Google vulnerability. Fredrik and his team at Detectify have found vulnerabilities in many of the top bug bounties in the world, including Google and Facebook. He’s one of the …

Introducing the Bugcrowd Forum

Today I’m excited to announce the launch of the Bugcrowd Forum. The Bugcrowd Forum is a place for security researchers and white hat hackers to come together to discuss topics of interest and create relationships, with the goal of creating new opportunities for researchers to share knowledge with each other and accelerate their careers.

Open Source Software needs better bug bounties

Last week Jeff “@CodingHorror” Atwood, the co-founder of Stack Overflow and Discourse, posted a fantastic blog essay about bug bounties and open source software. His post, “Given Enough Money, All Bugs are Shallow,” offers advice for how Bug Bounty programs can improve

US Income Taxes and Bug Bounties

Ah spring. Plants are awakening after the winter chill, days grow longer, and it’s time to catch up on the latest reading of US income tax laws. If you are subject to paying US income taxes and bug bounties are a source of income for you, you’ll want to read up about the Internal Revenue …

Bugcrowd Raises $6 Million In Series A Funding

We are thrilled to announce our recent round of Series A funding. Led by Costanoa Venture Capital, along with Rally Ventures, Paladin Capital Group and Blackbird Ventures, we’ve raised $6 Million, bringing us to a total of $9 Million since our founding in late 2012.

Western Union Announces Public Bug Bounty

After multiple breaches and millions of dollars in cleanup costs accrued in the financial sector during 2014, the financial services industry has risen to the top as the most targeted sector for data breaches.

[Figure: Number of 2014 Data Breaches grouped by Type of Target]

In this ever-evolving landscape of continual cyber threats, we at Bugcrowd are always on …

Instructure launches Private Bug Bounty Program

Instructure has leveled up its security practices yet again – we’re now proud to announce the launch of their private bug bounty program. Instructure is the company behind Canvas, an open-source learning management system that is not only revolutionizing the way we educate, but progressing security standards as well. The company first engaged Bugcrowd in a …

Increasing pen test results by 8x: The Instructure Story

Since 2011, Instructure has proactively publicized the results of their annual penetration test reports to provide transparency around the security of their learning management system. From 2011 to 2013, these pen tests discovered an average of 7.6 valid vulnerabilities each year. For its most recent annual penetration test, Instructure engaged Bugcrowd in a private Flex program, …

Guest Blog: Best Practices for Quality Bug Hunting by SatishB3

[Today I’d like to introduce you to Bugcrowd member Satish Bommisetty. An author and professional security researcher, Satish has helped improve the application security of dozens of companies by reporting over 170 valid vulnerabilities through Bugcrowd. We are honored to share his thoughts on how bounty hunters can deliver high quality professional results and create a respectful security research community. These are things that …