Bugcrowd Blog


Recent Posts

Why Ethics Matter in Bug Bounties

Posted by Bugcrowd on Jan 24, 2018 3:07:34 PM

In 2017 we saw more data breaches, phishing scams, ransomware, and state-sponsored attacks than ever before. And while each one was damaging in its own right and continues to shape cybersecurity, one breach in particular stood out: the Uber breach. Not necessarily for the impact or the type of breach, but for what happened afterwards.

Interesting, Thought leadership

Vegas; Here We Come!

Posted by Bugcrowd on Jul 17, 2017 2:40:52 PM

We are just one week away from one of the busiest and most hectic weeks of the year - BSides, Black Hat and DEF CON in Las Vegas! Are you excited? We are!

Bugcrowd News, events


Posted by Bugcrowd on Jun 14, 2017 8:25:34 AM

This post originally ran on the (ISC)² blog on June 1, 2017:

Since 2013, (ISC)² has been a partner of Bugcrowd, running a public bug bounty program and offering CPE credits to our members. Bugcrowd is a leading provider of crowdsourced security and bug bounty programs, connecting organizations with more than 50,000 independent security researchers to identify vulnerabilities. As an (ISC)² member, you can participate in Bugcrowd’s bug bounty programs in exchange for CPE credits.

We encourage you to participate in this program to continue honing your security skills, and to apply those skills to help inspire a safe and secure cyber world.  

To participate:

  1. Sign up as a Bugcrowd researcher at bugcrowd.com
  2. Find a bug in one of Bugcrowd’s bug bounty programs, including the (ISC)² Bug Bounty Program
  3. Earn up to 5 CPE credits for each valid bug found, depending on the severity of the vulnerability
  4. Enter your ISC2 # into your Bugcrowd Researcher profile settings, so that Bugcrowd can submit your contributions at the end of the month.

Members who participate in the program can earn as many as 15 CPE credits each year. As a security-centric organization, Bugcrowd values and encourages independent security research, even on their own products. Their bug bounty program helps them connect with the research community, and provides their organization with constant security feedback.

Keep your skills sharp and keep our site – and others – secure with the bug bounty program.

Learn more about the Bugcrowd and (ISC)² partnership



Researcher Resources

[Guest Blog] Calling all bug hunters: Sophos teams up with Bugcrowd

Posted by Bugcrowd on Apr 26, 2017 12:07:28 PM

This post originally appeared on the Sophos Blog here.

Adversarial relationships between vendors and security researchers used to be common. Researchers would report a bug and the vendor – not all but certainly more than a few – would drag its feet in patching the problem. Then, the researcher would make the findings public and the vendor would criticize them for releasing information attackers could exploit.


[Guest Blog] Bugcrowd’s Buggy Awards: Fitbit Takes Two!

Posted by Bugcrowd on Mar 16, 2017 12:13:04 PM

Appeared originally on the Fitbit Engineering Blog

Guest Blog

Intercom launches public bug bounty; offers up to $1,500 per vulnerability

Posted by Bugcrowd on Feb 16, 2017 6:15:00 AM

Intercom, the customer messaging platform, launched its public bug bounty program today. The goal: to implement a secure development lifecycle and protect customer data. Intercom believes that the program is one of the best ways to address and stay on top of the latest cybersecurity challenges.

Program Launches

DigitalOcean launches public bug bounty with Bugcrowd

Posted by Bugcrowd on Feb 15, 2017 2:14:34 PM

Today, DigitalOcean launched its public bug bounty program. Building on the success of its private program, the public program allows DigitalOcean to focus internal resources on the demands of keeping the cloud secure, while letting researchers do what they do best. DigitalOcean now has access to Bugcrowd’s full crowd of researchers for an even wider breadth of skill sets to find vulnerabilities faster.

Program Launches

NETGEAR®, Inc. Launches Public Bug Bounty Program

Posted by Bugcrowd on Jan 9, 2017 7:10:09 PM

We're excited to share that NETGEAR®, Inc. has launched a public bug bounty program with us to help them stay in front of the latest threats and improve the security of the company's products. 

Program Launches

Advice From A Researcher: Hunting XXE For Fun and Profit

Posted by Bugcrowd on Jul 3, 2015 2:00:07 AM

About the Author: Ben Sadeghipour has been participating in bug bounty programs since February of 2014. After his first few bugs, he came to realize that bug bounties are a great way to learn more about web application security as well as make some extra money while going to school - computer science major. Currently Ben is an intern at Bugcrowd and continues to do bug bounty research. You can see more of his work on nahamsec.com.

Guest Blog, Bug Hunter Tips and Tricks

Instructure launches Private Bug Bounty Program

Posted by Bugcrowd on Feb 5, 2015 3:58:54 AM

Instructure has leveled up its security practices yet again - we're now proud to announce the launch of their private bug bounty program.

Bugcrowd News, Running Your Own Program