Bugcrowd Blog

Casey Ellis

Executive Chairman, Founder and CTO of Bugcrowd

Recent Posts

How to hire a new CEO - A note from Bugcrowd’s founder

Posted by Casey Ellis on Aug 28, 2017 5:57:00 AM

Bugcrowd is excited and very pleased to announce the appointment of Ashish Gupta as our new Chief Executive Officer. With this addition, I’ll be transitioning to Chairman of the Board and Chief Technology Officer.

Bugcrowd News

Secret Program to Offer Rewards up to $250K

Posted by Casey Ellis on Aug 8, 2017 9:00:00 AM

At Bugcrowd, we’ve long said that managed bug bounty programs allow organizations of any size or stage of security maturity to realize the benefits of a bug bounty program. This is why we’ve provided managed programs from day one and why I’m especially excited by today’s news. Today we are recruiting for a Secret customer program with a top reward of $250K.

Bugcrowd News, Program Launches, Researcher Resources

3,2,1… BSidesLV, Black Hat and DEF CON 2017 Wrap Up

Posted by Casey Ellis on Aug 7, 2017 1:30:00 PM

BSidesLV, Black Hat and DEF CON week is “that time of year” in the security industry, when hackers, suits, feds and anyone else interested in our craft descend on Las Vegas. The goal? To teach, demonstrate, learn, connect, and enjoy the company of fellow members of the village.

Conferences, events

Thoughts on our Third Annual State of Bug Bounty Report

Posted by Casey Ellis on Jun 30, 2017 12:01:10 PM

Since I started Bugcrowd, the one constant has been continual amazement at the pace of growth of the crowdsourced security movement we initiated back in 2012.

Bugcrowd News

Another Milestone in the Evolution of Bugcrowd

Posted by Casey Ellis on Jun 16, 2017 2:14:00 PM

As a founder there is nothing better than watching the company I started grow and evolve. In the four and a half years I’ve watched Bugcrowd grow by leaps and bounds - the team has grown threefold in the past year alone. While our guiding principles, core values, and vision of the future of cybersecurity remain unchanged, today we have evolved as an organization. To use a much-used term from the early aughts, we are now very much Bugcrowd 2.0, and I’m proud to announce a brand-new website that reflects just that. 

Bugcrowd News

A Look Inside: Bug Bounties vs. Penetration Testing

Posted by Casey Ellis on Apr 19, 2017 1:01:19 PM

Can bug bounty programs replace penetration tests?

This question has come up a lot in the past several months and today we released a guide that begins to answer it.

Running Your Own Program, Research and Reports

Ongoing coverage of wide-scale ransom attack in progress: How to protect Internet-facing data stores

Posted by Casey Ellis on Jan 15, 2017 12:35:38 PM

[Update] Active attacks now include: MongoDB, Elasticsearch and Hadoop.

Two weeks ago the Internet was hit with the first in what has become a frightening trend of ransom attacks. This first attack affected fewer than 200 MongoDB installations and for the most part flew under the radar given the meager sum requested by the attacker (0.2 Bitcoins). However, this attack marked a significant shift in the ransom attack model, and just two weeks later we’re seeing a major escalation of this model and its impact.

4 Years of Bugcrowd's Bug Bounty: Evolution and Learnings

Posted by Casey Ellis on Nov 21, 2016 3:26:55 PM

Here at Bugcrowd we take our own advice. Four years ago yesterday we launched Bugcrowd's first bounty program to uncover vulnerabilities in our own applications and web assets.

Bugcrowd News

Okta Launches Public Bug Bounty Program with Bugcrowd

Posted by Casey Ellis on Nov 16, 2016 6:00:00 AM

Today we are pleased to announce that after running an extensive private program with Bugcrowd, Okta is launching its first public bug bounty program.

Program Launches

Bug Bounty Model Celebrates 21st Birthday!

Posted by Casey Ellis on Oct 20, 2016 10:15:00 AM

Bug bounties are legal! Twenty-one years ago, Netscape launched the world’s very first bug bounty program. 'Netscape Bugs Bounty' was launched on the beta versions of Netscape Navigator 2.0 software, and awarded cash prizes and SWAG, depending on bug severity. (Sounds pretty familiar, eh?)

The program set the foundation for the bug bounty model–without their even knowing it–and we were curious about that day 21 years ago. We had the opportunity to get straight to the source in a Q&A with Jeff Treuhaft, who was one of the key people behind the Netscape bug bounty program as Netscape’s Product Director. Read on to learn more about why Netscape launched a bug bounty program, what came of it, and where Jeff thinks the model is going.
