Bugcrowd Blog

Sam Houston

Senior Community Manager at Bugcrowd. Sam's passionate about working to foster the best researcher community on the web. Prior to joining the security industry Sam worked for Couchsurfing, Electronic Arts, Playfish, and gamerDNA.

Recent Posts

Tips from Top Hackers - How to fit bounties into your schedule and maximize payouts

Posted by Sam Houston on Oct 17, 2016 4:22:41 PM

In our recently published report on the bug hunting community, we asked all kinds of bug hunters what motivates them to participate in bug bounties, and how they decide what programs to participate in. Amongst several of the groups identified in the report, time was a huge factor. With a full-time job, family and a social life, how does one fit bug bounty hunting into their busy schedule?

Read More
Researcher Resources

Inside the Mind of a Hacker: Bugcrowd's 2016 Bug Hunter Community Report

Posted by Sam Houston on Sep 29, 2016 9:59:00 AM

Over the past four years that we've been helping organizations connect with the world's top security talent to run crowdsourced security programs, a lot has changed. In our recent State of Bug Bounty Report, we examine that change with proof that more traditional organizations adopting the bug bounty model, more private programs being run, and so on and so forth. 

The crux of that change, however, lies in the community. Whether you call them hackers, bug hunters, or security researchers, they make the bug bounty world go 'round. As this niche grows and evolves from the small group it once was, it is becoming more nuanced, and the motivations of bug hunters vary widely.

Read More
Bugcrowd News, Research and Reports

Researcher Spotlight: Vishnu Vardhan Reddy

Posted by Sam Houston on Sep 27, 2016 4:56:33 PM
We recently got to know Vishnu Vardhan Reddy who is ranked 19th on Bugcrowd's all time Hall of Fame, and recently won our Buggy Award for most activity in Kudos only programs. Vishnu joined the Bugcrowd community in March 2015, and in that time has racked up an astounding 1435 Kudos points. 

Follow Vishnu on Twitter: @Vishnu_dfx
We love getting to know members of the Bugcrowd community and Vishnu's unique experience and background provides great insight into it. Read the below interview to learn more about why Vishnu bug hunts, what keeps him going, and where he sees it going. 
Read More
Researcher Profiles

2016 Black Hat, DEFCON, BSides Wrap Up

Posted by Sam Houston on Aug 9, 2016 4:41:24 PM

Now that we've rested our feet, drank some water, and adjusted from the Las Vegas time warp, we thought we'd give a brief recap of our week. In the six days we spent boots down in Vegas, we caught some great talks with some of our favorite people, threw, sponsored and attended awesome events, and as always, met amazing folks from the InfoSec community. 

Read More

Researcher Spotlight - Putsi

Posted by Sam Houston on Jun 14, 2016 2:03:12 PM

Putsi is #38 on the community leaderboard, with a 97.14% acceptance rate and an average bug priority of 3. Putsi just recently entered the top 40 on Bugcrowd and has had success with many private and public bounty programs on the platform.

Read below for our interview with Putsi and make sure to follow @Putsi on Twitter.

Read More
Researcher Profiles

Researcher Spotlight - Nikaiw

Posted by Sam Houston on Jun 6, 2016 2:31:40 PM

Nikaiw is #58 on the community leaderboard, with a 96.88% acceptance rate and an average bug priority of 2.37. Nikaiw has been on Bugcrowd for less than 6 months and in that time he's found 31 valid vulnerabilities, with 10 of those being P1's.

Read below for our interview with Nikaiw and make sure to follow @Nikaiw on Twitter.

Read More
Researcher Profiles

Podcast - An Inside Look at the Crowd with Frans Rosen & Sam Houston

Posted by Sam Houston on May 31, 2016 1:45:44 PM

For me, one of the most enjoyable aspects of the security industry is the security community. The relationships I've been fortunate enough to build over the past couple of years have made this job very rewarding and of course, a ton of fun. I recently had the chance to record a podcast discussion with Frans Rosen, founder of Detectify and active bug bounty hunter to discuss our experiences in the security community:

Read More

Researcher Spotlight - Fuzzybear

Posted by Sam Houston on May 18, 2016 2:57:55 PM

Fuzzybear is #43 on the community leaderboard, with a 100% acceptance rate and an average bug priority of 2.55. In the short time he's been on Bugcrowd and in bug bounties he has done quite well, successfully finding 65 bugs on Bugcrowd bug bounties, most of which was through private bug bounty programs. He also has one of my favorite usernames in the community!

Read below for our interview with Fuzzybear, where he shares some great practical advice for researchers.

Read More
Researcher Profiles

Researcher Spotlight - Mico

Posted by Sam Houston on May 10, 2016 8:30:00 AM

This week’s Researcher Spotlight is on Mico! Mico ranks #5 on Bugcrowd’s leaderboard with over 1926 kudos points, 266 bugs found, a 91% acceptance rate and an average bug priority of 2.92. In a relatively short period of time we’ve seen Mico climb his way up the charts. Mico can be found on Bugcrowd and you can follow him on Twitter at @bugtest0101.

Take us back to your early days, what got you started with technology?

Read More
Researcher Profiles

[Guest Blog] Using a Braun Shaver to Bypass XSS Audit and WAF by Frans Rosen, Detectify

Posted by Sam Houston on Apr 19, 2016 1:12:14 PM

This post was contributed by Frans Rosen, Bug Bounty Hunter and Knowledge Advisor at Detectify

TLDR: Sometimes you just need to spend a couple of months to exploit a XSS with a hygiene product.

For a couple of months this specific bug was on my "check later" list. I later reported it to the company running a private bug bounty. I had been messing with it back and forth and was never been able to do something that actually made sense – and as soon as I had some progress – a new obstacle came crashing in my face. After a few months returning to the same endpoint, I was finally able to create a PoC to show that a security issue was present.

It's a freaking XSS, but hey, the story is what counts, right..? :)

Read More
Guest Blog, Bug Hunter Tips and Tricks