Bugcrowd Blog

Payton O'Neal

Recent Posts

Case Study: Twilio's Bug Bounty Program Over the Years

Posted by Payton O'Neal on Jan 17, 2017 6:37:00 AM

After two and a half years of running an outstanding bug bounty program with Bugcrowd, we’d like to shine a spotlight on one of our most engaged customers–Twilio.

Case Study

Top 2017 AppSec Challenges and Investment Areas

Posted by Payton O'Neal on Jan 11, 2017 12:37:37 PM

At the close of 2016, we surveyed 100 CISOs and decision makers to get a sense of their 2017 security priorities. The full report will be released at a later date. In the meantime, you can learn more about a few of the top application security focus areas and challenges in this post.

Case Study: The ROI of Okta's Bug Bounty Program

Posted by Payton O'Neal on Jan 5, 2017 11:21:42 AM

A few months ago we celebrated the launch of Okta's public bug bounty program after having run a private program for years. Today, we're taking a closer look at how their bug bounty program has influenced their application security program.

Case Study

Bugcrowd in 2016: Transparency, Education, and Quality

Posted by Payton O'Neal on Dec 20, 2016 9:03:00 AM

It goes without saying that it has been a HUGE year for appsec. We’ve seen yet another record-breaking year of breaches, we had the largest breach in recorded history–Yahoo, and we also witnessed the largest DDoS attack as far as we know at 1.2TB–Mirai.

Bugcrowd News

2017 Predictions: Three Experts Discuss Security Challenges for the Coming Year

Posted by Payton O'Neal on Dec 14, 2016 1:36:31 PM

This week we chatted with three security heavyweights to talk about the top security risks and concerns in the upcoming year. The panel of industry experts includes Jeremiah Grossman, Founder of WhiteHat Security and Chief of Security Strategy with SentinelOne; Daniel Miessler, Project Leader: OWASP IoT Security Project; and Richard Rushing, CISO at Motorola Mobility.

Bug Bounty Myth #7: Bounty programs are too hard to manage

Posted by Payton O'Neal on Dec 6, 2016 8:45:00 AM

Over the past months, we’ve addressed the bug bounty misconceptions outlined in our recent guide, 7 Bug Bounty Myths, Busted. So far we’ve...

Today we're taking a look at what it really takes to manage a bug bounty program in our last post in this series...

Running Your Own Program

Case Study: Aruba's Private Bug Bounty Program

Posted by Payton O'Neal on Dec 1, 2016 8:01:00 AM

After over two years of running an outstanding bug bounty program with Bugcrowd, we’d like to give some recognition to one of our longest-standing and committed customers–Aruba Networks.

Since 2014, Aruba has successfully leveraged Bugcrowd’s most skilled and trusted researchers through a private bug bounty program for their web applications and hardware devices. Download the Aruba Case Study to learn more about their success.

Case Studies

Bug Bounty Myth #6: Bug Bounties are too costly and hard to budget for.

Posted by Payton O'Neal on Nov 29, 2016 10:52:27 AM

In the past several weeks, we’ve been addressing the bug bounty misconceptions in our guide, 7 Bug Bounty Myths, Busted. So far we’ve...

Today we’re talking logistics around budget.

Running Your Own Program

Bug Bounty Myth #5: They don’t yield high value results.

Posted by Payton O'Neal on Nov 23, 2016 10:39:58 AM

Although bug bounties have gained incredible traction over the past year, many people still have questions and misunderstandings about what they are and how they work.

In the past several weeks, we’ve been addressing some of those misconceptions in our guide, 7 Bug Bounty Myths, Busted. So far we’ve...

Today we’re getting down to what it’s all about… the results.

Myth #5: Bug bounties don’t yield high-value results.

Running Your Own Program

Guest Blog: Barracuda Bug Bounty Program Shifts to the Cloud

Posted by Payton O'Neal on Nov 17, 2016 9:36:54 AM

Posted originally on November 14 by Dave Farrow, Senior Director, Information Security at Barracuda Networks.

Guest Blog