Bugcrowd Blog

Consistency is Key: Aligning Bugcrowd’s VRT with CVSS

Posted by Travis Andrade on Oct 10, 2017 10:00:00 AM

We are proud to announce the newest Crowdcontrol update, which now maps the open standard Vulnerability Rating Taxonomy (VRT) to the Common Vulnerability Scoring System (CVSS) v3, allowing organizations to manage submission severity with CVSS v3!

Product Updates

September 2017 Hall of Fame

Posted by Chloe Brown on Oct 9, 2017 10:00:00 AM

Bugcrowd is pleased to recognize our September 2017 Hall of Fame winners!


What We Can Learn from NETGEAR's Approach to Security

Posted by Ashish Gupta on Oct 6, 2017 9:00:00 AM

Earlier this week, Threatpost reported NETGEAR had fixed 50 vulnerabilities in its routers, switches, and NAS devices -- many of which were reported via the company’s bug bounty program,

Program Updates

Introducing the Bugcrowd Researcher Advisory Council

Posted by Chloe Brown on Oct 5, 2017 8:00:00 AM

In celebration of its upcoming one-year anniversary, we are thrilled to formally announce the Bugcrowd Researcher Council. Begun as a pilot program in November of 2016, Bugcrowd's Researcher Success Team identified 5 Researchers to invite to a special kind of pilot feedback program; since then, the program has grown 200% and the Council members have given their valuable feedback on a variety of implemented improvements, including the Researcher Dashboard and the ongoing improvements to tokenized search.


Cut Through The Noise; The Value of a Disclosure Program

Posted by Travis Andrade on Sep 27, 2017 10:00:00 AM

In talking with our customers, and particularly larger customers, we often hear of the need to establish an open, public, and passive channel for vulnerability disclosure from their users, customers, and the broader security community. These customers aren’t always ready for a public bug bounty but they may already have an existing security@ email address. They often have an existing security page and want the ability to accept disclosures directly from their website.

Product Updates

Bugcrowd - Correcting the Math for Customers in their Cybersecurity Equation

Posted by Ashish Gupta on Sep 22, 2017 10:00:00 AM

First and foremost, I want to thank everyone for such a warm welcome to Bugcrowd. I am thrilled to be joining a brilliant team as the new CEO and proud to be a part of something that will not only make an impact on organizations, but also on each of us as citizens of today’s digital world. I have watched closely as Bugcrowd pioneered the space for crowdsourced cybersecurity and security testing, winning the hearts and minds of hundreds of customers and tens of thousands of security researchers around the world, through the leadership of Casey Ellis. I’m thrilled to join the team and help steer the ship through this next phase of growth.

Interesting, Bugcrowd News

Ethical Security Research on SecureDrop

Posted by Jennifer Helsby, SecureDrop on Sep 19, 2017 11:05:00 AM

The SecureDrop engineering team welcomes the contributions of security researchers. SecureDrop is relied on by sources to talk with journalists at dozens of news organizations, many of whom are taking significant risks to bring information to the public eye. We want to do everything we can to make the whistleblowing process as safe for them as possible. Testing by external security researchers is an important part of that process. In order to minimize risk to SecureDrop users throughout the security research process, in this post we will describe how to ethically perform security research on SecureDrop and what constitutes acceptable and unacceptable behavior.

Guest Blog, Program Launches

Moving Fast with Security

Posted by Ron White on Sep 18, 2017 10:15:00 AM

Our driving purpose at Ibotta is to reward our users with cash rebates that make a difference in their lives. They have entrusted their earnings with us, and it’s our responsibility to do our best to safeguard their accounts.

Guest Blog, Case Studies

August 2017 Hall of Fame!!

Posted by Kaila Pollart on Sep 7, 2017 10:00:00 AM

Bugcrowd is excited to announce our August 2017 Hall of Fame winners! 

We'd like to welcome mongo back to the first place spot, with sandeepv in VERY close second, and one of our private users rounding out in third. To thank our top performers for their hard work, Bugcrowd is pleased to announce that all three researchers have received bonuses for their performance in the month of August.

  1. mongo - 2388 points - $2,500 bonus
  2. sandeepv - 2352 points - $1,500 bonus
  3. Private User - 1022 points - $1,000 bonus
Researcher Resources

Dash Elevates its Bug Bounty Program from Private to Public

Posted by Jim Bursch on Sep 6, 2017 6:02:00 AM

We’re excited to announce our bug bounty program is moving from private to public! Dash is opening up its doors to more than 60,000 registered and verified Bugcrowd security experts around the world to detect issues on behalf of Dash and be rewarded in bug bounty payments. That means more vulnerabilities are discovered and fixed, and we’re all more secure as a result.

Guest Blog, Bugcrowd News, Program Launches