Bugcrowd Blog

Payton O'Neal

Recent Posts

Bug Bounty Myth #7: Bounty programs are too hard to manage

Posted by Payton O'Neal on Dec 6, 2016 8:45:00 AM

Over the past months, we’ve addressed the bug bounty misconceptions outlined in our recent guide, 7 Bug Bounty Myths, Busted. So far we’ve...

Today we're taking a look at what it really takes to manage a bug bounty program in our last post in this series...

Interesting

Case Study: Aruba's Private Bug Bounty Program

Posted by Payton O'Neal on Dec 1, 2016 8:01:00 AM
After more than two years of running an outstanding bug bounty program with Bugcrowd, we’d like to give some recognition to one of our longest-standing and most committed customers: Aruba Networks.
 
Since 2014, Aruba has successfully leveraged Bugcrowd’s most skilled and trusted researchers through a private bug bounty program for their web applications and hardware devices. Download the Aruba Case Study to learn more about their success.

Case Studies

Bug Bounty Myth #6: Bug Bounties are too costly and hard to budget for.

Posted by Payton O'Neal on Nov 29, 2016 10:52:27 AM

In the past several weeks, we’ve been addressing the bug bounty misconceptions in our guide, 7 Bug Bounty Myths, Busted. So far we’ve...

Today we’re talking logistics around budget.

Interesting

Bug Bounty Myth #5: They don’t yield high value results.

Posted by Payton O'Neal on Nov 23, 2016 10:39:58 AM

Although bug bounties have gained incredible traction over the past year, many people still have questions and misunderstandings about what they are and how they work.

In the past several weeks, we’ve been addressing some of those misconceptions in our guide, 7 Bug Bounty Myths, Busted. So far we’ve...

Today we’re getting down to what it’s all about… the results.

Myth #5: Bug bounties don’t yield high-value results.


Guest Blog: Barracuda Bug Bounty Program Shifts to the Cloud

Posted by Payton O'Neal on Nov 17, 2016 9:36:54 AM

Posted originally on November 14 by Dave Farrow, Senior Director, Information Security at Barracuda Networks.

Guest Blog

Bug Bounty Myth #4: Bug Bounties Don’t Attract Talented Testers

Posted by Payton O'Neal on Nov 15, 2016 11:00:00 AM

In the past month, we’ve been addressing some commonly held misconceptions about the bug bounty model, outlined in our guide, 7 Bug Bounty Myths, Busted. So far we’ve discussed the misconception that bug bounties are all public, examined the types of companies engaging with the bug bounty model, and debunked the perception some have that bug bounties are too risky. This week, we’re talking about the folks that make this economy go ‘round...

Myth #4: Bug bounties don’t attract talented testers.

Anyone who has been involved with a bug bounty program knows this isn't true. For those who have not, this post should give you a better idea as to who these people are, and what they're capable of.

Interesting

Bug Bounty Myth #3: Running a Bug Bounty Program is Too Risky

Posted by Payton O'Neal on Nov 8, 2016 10:37:20 AM

In our recently released guide, 7 Bug Bounty Myths, Busted, we addressed some common misconceptions about the bug bounty model and bug bounty programs. We're spending some time each week to take a deeper dive into those myths one by one. We started by addressing the misconception that bug bounty programs are all public and open to everyone, and last week discussed the types of companies engaging with the bug bounty model. This week, we’re talking about risk...

Running Your Own Program

Bug Bounty Myth #2: Only Tech Companies Run Bug Bounties

Posted by Payton O'Neal on Nov 2, 2016 2:33:32 PM

In our recently released guide, 7 Bug Bounty Myths, Busted, we addressed some common misconceptions about the bug bounty model and bug bounty programs. We're spending some time each week to take a deeper dive into those myths one by one. Last week we talked about the misconception that bug bounties are all public and open to everyone. Today, we're addressing a related misconception regarding the types of companies engaging with the bug bounty model.

Myth #2: Only tech companies run bug bounty programs

By taking a quick look at our public programs page, our customers page, and our ‘List’ page, it’s clear that this isn't true.

Running Your Own Program

Leveling up your Bug Bounty Program: Indeed Speaking at LASCON 2016

Posted by Payton O'Neal on Nov 1, 2016 3:59:23 PM

This year, one of our favorite customers will be speaking at one of our favorite conferences, where they will discuss why they implemented a bug bounty program and how the results and learnings have influenced their internal security culture and testing processes.

Conferences, Running Your Own Program

Bug Bounty Myth #1: All Bug Bounty Programs are 'Public'

Posted by Payton O'Neal on Oct 26, 2016 12:17:29 PM

Throughout this year, bug bounties have hit an all-time high in the news, and are well on their way to becoming non-negotiable parts of mature security organizations. Because of that buzz and the positive traction the bug bounty space is seeing, it’s easy for us to forget that this is still a new and novel approach to security that not everyone fully understands. That’s why we’ve put our ears to the ground to pick up on some commonly held misconceptions about how they work, why they work, and for whom they’re ideal.

Running Your Own Program