Bugcrowd Blog

Inside the Mind of a Hacker: Bugcrowd's 2016 Bug Hunter Community Report

Posted by Sam Houston on Sep 29, 2016 9:59:00 AM

Over the past four years that we've been helping organizations connect with the world's top security talent to run crowdsourced security programs, a lot has changed. In our recent State of Bug Bounty Report, we examine that change with proof that more traditional organizations are adopting the bug bounty model, more private programs are being run, and so on and so forth.

The crux of that change, however, lies in the community. Whether you call them hackers, bug hunters, or security researchers, they make the bug bounty world go 'round. As this niche grows and evolves from the small group it once was, it is becoming more nuanced, and the motivations of bug hunters vary widely.

Bugcrowd News

New Program Launch: AgileBits Bug Bounty for 1Password

Posted by Payton O'Neal on Sep 28, 2016 11:00:00 AM

Since 2006, 1Password has been a trusted industry leader in managing and storing passwords and has always prioritized product security.

To reinforce their commitment to product security, AgileBits, the company behind 1Password, is launching their public bug bounty program!

 

New Program Announcements

Researcher Spotlight: Vishnu Vardhan Reddy

Posted by Sam Houston on Sep 27, 2016 4:56:33 PM
We recently got to know Vishnu Vardhan Reddy, who is ranked 19th on Bugcrowd's all-time Hall of Fame and recently won our Buggy Award for most activity in Kudos-only programs. Vishnu joined the Bugcrowd community in March 2015, and in that time has racked up an astounding 1435 Kudos points.

Follow Vishnu on Twitter: @Vishnu_dfx
 
 
We love getting to know members of the Bugcrowd community, and Vishnu's unique experience and background provide great insight into it. Read the interview below to learn more about why Vishnu bug hunts, what keeps him going, and where he sees it going.
 
Researcher Profiles

4 Common Business Drivers for Launching a Bug Bounty

Posted by Abby Mulligan on Sep 23, 2016 10:35:10 AM

In the past several years, bug bounties have evolved from the open-to-everyone contests they once were, becoming more nuanced with the ability to meet various organizational goals and objectives. While some reasons for starting a bug bounty program may be more obvious than others, there are multiple business goals or drivers that organizations, including your own, may identify when looking into launching a bug bounty program.


[Guide] Getting Started with OWASP's Bug Bounties

Posted by Payton O'Neal on Sep 20, 2016 1:22:11 PM

"Be the thriving global community that drives visibility and evolution in the safety and security of the world’s software." In keeping with their mission statement, OWASP has adopted the bug bounty model, tapping into the broader community of global security researchers to secure their defender libraries and open source projects. Since June of this year, they have launched bug bounty programs for four OWASP open source projects:

Bug Hunter Tips and Tricks

Cash Back Reward Program for Top Researchers

Posted by Kymberlee Price on Sep 19, 2016 12:08:29 PM

We know that security researchers have many options when it comes to participating in bug bounty programs, which is why we are so proud to have some of the best researchers in the world participating in bounty programs on the Bugcrowd platform. Throughout the year, we show our appreciation in many ways–from monthly performance bonuses, private parties and events, SWAG, and more.

Today we are excited to publicly announce a new annual reward program for Bugcrowd community members that consistently submit the highest impact vulnerabilities to Bugcrowd bounty programs.

Bugcrowd News

Bug Bounty Solutions & Hackers On-Demand

Posted by Ryan Floersch on Sep 14, 2016 1:18:03 PM

Historically, the first bug bounty programs welcomed any and all security vulnerability feedback from the security community as a whole, typically through a simple web page. In exchange, early bug bounty programs gave thanks, SWAG, and more recently, cash. Due to the 'open-to-everyone' nature of how the first bug bounty programs started, the term “bug bounty” has held a connotation of “the wild west of security.”

Today, however, bug bounties have become much more nuanced, and Bugcrowd’s crowd of security researchers can be utilized in a variety of ways to help organizations secure their products. While Bugcrowd certainly offers and advocates for public bug bounty programs, we have delivered a variety of other bug bounty solutions since our start in 2013. We deliver our crowd of thousands of hackers to organizations with a variety of different needs and goals through 3 distinct types of bug bounty solutions:

Bugcrowd News

Program Updates: Communicating Bounty Brief Changes to the Crowd

Posted by Travis Andrade on Sep 12, 2016 2:00:36 PM

Crowdcontrol now offers researchers the ability to follow bounty programs to stay up-to-date on changes made to organizations' bounty briefs. Now, researchers who are "subscribed" to an organization's public or private program will be alerted when there is a change in 1) rewards or 2) targets in scope. 

Why is this important? With this most recent product feature, ‘Program Updates,’ important bounty brief changes are communicated to researchers on an ongoing basis. This feature will help bolster transparency and encourage long-term loyalty and participation in specific bounty programs. We want to make sure that when changes are made to a bounty brief, researchers who are invested in a program have the insights they need to take appropriate action.

Bugcrowd News

August 2016 Hall of Fame Winners!

Posted by Kaila Pollart on Sep 7, 2016 3:48:45 PM

Bugcrowd is excited to announce our August 2016 Hall of Fame winners! 

Interesting

Industry Report: Financial Services Adopting the Bug Bounty Model

Posted by Payton O'Neal on Aug 31, 2016 11:30:00 AM

A few weeks ago, MasterCard launched their public bug bounty program, joining many other financial services companies who are utilizing the crowd to strengthen their product security and protect consumer data. This launch follows our recently published ‘State of Bug Bounty’ report in which we recognized the speed and volume at which the financial services industry is adopting bug bounty programs. Our financial services spotlight takes a look at that trend and more. 

Running Your Own Program