Bugcrowd Blog

Bug Bounty Lifecycle, Visualized

Posted by Payton O'Neal on Jun 28, 2016 2:32:08 PM

We recently released the State of Bug Bounty 2016 Report, which aggregated data and trends from companies running bug bounty programs and from researchers participating in them. A major takeaway from the accompanying survey of security professionals was the response to 'What are your organization's apprehensions about running a bug bounty program?' The number one most popular answer was 'Not sure where to begin.'
Running Your Own Program

Big Bugs Podcast Episode 3: $15K for IoT Device Takeover

Posted by Jason Haddix on Jun 27, 2016 12:17:50 PM

Today we published the third episode of our podcast series 'Big Bugs', hosted by me. In this episode, embedded in this post and available on SoundCloud, I am joined by special guest Adam Hartway of Digital Safety (DiSa) to explore a $15K bug uncovered in their winner-takes-all bug bounty program.

Interesting

Sandbagging, 'Sneakers' and Steganography: Bugcrowd's First Internal CTF

Posted by Leif Dreizler on Jun 24, 2016 4:19:04 PM

In early February Bugcrowd ran a CTF for its internal employees. The CTF was created and managed by our very own Director of Technical Operations, Jason Haddix. Haddix has been a part of many successful CTFs, both as a participant and organizer. He drew from his technical expertise and knowledge of hacker culture to make a fun and engaging CTF for Bugcrowd employees.

Interesting

Researcher Spotlight - Putsi

Posted by Sam Houston on Jun 14, 2016 2:03:12 PM

Putsi is #38 on the community leaderboard, with a 97.14% acceptance rate and an average bug priority of 3. Putsi just recently entered the top 40 on Bugcrowd and has had success with many private and public bounty programs on the platform.

Read below for our interview with Putsi and make sure to follow @Putsi on Twitter.

Researcher Profiles

OWASP's Open Source Bug Bounty Launch

Posted by Payton O'Neal on Jun 13, 2016 3:28:37 PM

A few weeks ago we launched a very exciting program, and now that it's well underway, we wanted to give a huge shout-out to the awesome organization making it happen. The Open Web Application Security Project (OWASP) is not only the authority on most things application security but also a phenomenal open source organization that is constantly trying new things, evolving and innovating the application security landscape.

Bugcrowd Updates

Bugcrowd's 2nd Annual State of Bug Bounty Report - A Note from the CEO

Posted by Casey Ellis on Jun 8, 2016 8:45:37 AM

Bugcrowd has always held education and sharing as a core value, which is why I’m very pleased to announce the release of our second annual State of Bug Bounty Report.

This 22-page document gives the reader an up-close and personal look at the evolving dynamics of the bug bounty market, and deeper insight into the early stages of the "unlikely romance" blossoming between hackers and organizations. Read the full report.

Bugcrowd Updates

Researcher Spotlight - Nikaiw

Posted by Sam Houston on Jun 6, 2016 2:31:40 PM

Nikaiw is #58 on the community leaderboard, with a 96.88% acceptance rate and an average bug priority of 2.37. Nikaiw has been on Bugcrowd for less than 6 months and in that time he's found 31 valid vulnerabilities, with 10 of those being P1's.

Read below for our interview with Nikaiw and make sure to follow @Nikaiw on Twitter.

Researcher Profiles

May 2016 Leaderboard

Posted by Kaila Pollart on Jun 3, 2016 12:02:38 PM

Bugcrowd is excited to announce our May 2016 Hall of Fame winners! Big recognition goes to mert, who topped the May leaderboard with an astounding 786 points earned through multiple last-minute P1 and P2 submissions. To thank our top performers for their hard work, Bugcrowd is pleased to announce that the following three researchers will receive bonuses for their performance.

Bugcrowd Updates

Podcast - An Inside Look at the Crowd with Frans Rosen & Sam Houston

Posted by Sam Houston on May 31, 2016 1:45:44 PM

For me, one of the most enjoyable aspects of the security industry is the security community. The relationships I've been fortunate enough to build over the past couple of years have made this job very rewarding and, of course, a ton of fun. I recently had the chance to record a podcast discussion with Frans Rosen, founder of Detectify and active bug bounty hunter, to discuss our experiences in the security community:

Interesting

Big Bugs Podcast Episode 2: ImageTragick Up Close

Posted by Jason Haddix on May 27, 2016 10:14:28 AM

This morning we released the second episode of our new podcast series 'Big Bugs', hosted by me. This episode, embedded in this post and available on SoundCloud, takes a look at the recently popularized bug, ImageTragick. I discuss the detection and remediation timeline of the widespread bug in the image processing suite ImageMagick, as well as the implications it has for developers and researchers.

Interesting