Before I go into my thoughts about this year’s RSA Conference, I’d like to personally thank everyone that came out to support Bugcrowd during our events this week. We wanted to meet you all and hang out, and in that regard it went better than we could have hoped for. (And welcome to all of Read article →
HP’s Zero Day Initiative has upped the ante for vulnerability disclosure by asking vendors to fix disclosed vulnerabilities within 120 days. While many issues are being fixed within the existing window, HP Zero Day is pushing vendors to be even more responsive, stating that they’d release limited details after 120 days. ZDI’s current inventory consists Read article →
It’s Monday, and RSA/B-sides week 2014 is already in full force! Over the last 24 hours, a ton of important security topics have been discussed at BsidesSF 2014. (Bugcrowd is very proud to be supporting the information security community as a BsidesSF Core sponsor.) Zach Lanier and Mark Stanislav – The Internet of Things Duo Security announced Read article →
Managing a hacker who reports a vulnerability in your app can be a stress-free, streamlined process when proper steps are executed. By properly following 6 key guidelines, most of your vulnerability submission worries can be minimized. These steps will effectively prepare your team for the scenario of a hacker disclosing a vulnerability to your team. Read article →
At our headquarters in San Francisco, we’re celebrating Valentine’s Day today, and since we love our testers, we thought we’d share a few things that companies can do to make a tester’s day brighter. Always be improving yourself – What your testers want most this Valentine’s Day is new features to test on! The moment Read article →
***This post was written by a Bugcrowd tester, who would like to remain anonymous*** People aren’t concerned with security breaches until they directly affect their lives. I was curious what my non-security friends thought about the recent breaches, so I posted the following on Facebook: “40 million credit card #’s exposed by target and 4.6 million Read article →
Two weeks ago, Facebook awarded their largest single bug bounty award ever. Reginaldo Silva was rewarded $33,500 for his XML external entities vulnerability. Bugcrowd had a chance to catch up with and interview Reginaldo to learn more about how he tests and his journey to becoming an expert security researcher. How did you first become interested Read article →
Congratulations to GitHub for launching their bug bounty security program! As a recognized leader in source control and the de facto resume for developers, GitHub’s bug bounty program helps reaffirm the value in crowdsourced security programs. It’s another win for security researchers, who can submit bugs through a controlled process managed by GitHub’s security team. Read article →
As many as 70 million people were hacked in the Target breach. Neiman Marcus may have been compromised since July, 2013, and most recently, Michaels, the arts and crafts store, has reported a potential breach as well, but these aren’t the only companies who’ve recently been exposed. We can do better. Or Read article →
Bitquark is one of Bugcrowd’s longest-running ninjas, and is someone who *truly* fits the description of “a good guy who thinks like a bad guy”. His Bugcrowd profile is here. This article was originally posted at Bitquark’s blog. I’d like to use my last blog post of the year to sum up five vulnerabilities Read article →