Bugcrowd has done it again! Today we announced an innovative enhancement to Crowdcontrol–introducing Traffic Control, a proprietary feature built to deliver a solution for secure crowdsourced security testing.
We are excited to introduce new submission search and filtering capabilities to Crowdcontrol, built to optimize the time you spend finding submissions.
Over the last three years, we have seen a steady rise in vulnerability submissions, with a 67% increase in submissions year over year and a 73% increase of valid submissions. What is driving this steady rise? Our recent “2017 State of the Bug Bounty Report” discusses bounty adoption growth, citing a 77% increase in new programs over the last year. Of all the programs we run, 44% are organizations larger than 500 employees. Often times, organizations of this size have much larger attack surfaces, which can result in a high rate of submissions. In order to ensure our users are able to keep up with this increase in activity, they need novel ways to query their submissions.
Since the 1990’s, the internet has been filling our digital world with an insurmountable amount of content right at the edge of our fingertips. However, because of the amount, much of this content isn’t always applicable to you. So where do you go to easily find relatable information that yields the most value? Google, of course! In 1998, the company invented a simple solution to filter through a mass amount of data to find exactly what you are looking for, and fast!
Just as Google helps you find the most relevant content for you based on a simple search, Crowdcontrol now allows you to find the exact submission you are looking for. We recognize each user on Bugcrowd is unique–whether you are a researcher or customer; the importance of one query to an organization may not be important to another. With that in mind, Crowdcontrol’s new submission filtering offers a tokenized search capability, allowing you to easily search and find specific submissions.
We are proud to announce the newest Crowdcontrol update, which now maps the open standard Vulnerability Rating Taxonomy (VRT) to the Common Vulnerability Scoring System (CVSS) v3, allowing organizations to manage submission severity with CVSS v3!
In talking with our customers, and particularly larger customers, we often hear of the need to establish an open, public, and passive channel for vulnerability disclosure from their users, customers, and the broader security community. These customers aren’t always ready for a public bug bounty but they may already have an existing security@ email address. They often have an existing security page and want the ability to accept disclosures directly from their website.
The release of our newest integration with Slack now allows you to receive actionable bounty notifications immediately!
Organizations continue to transition to an agile software development lifecycle in today’s fast paced market where there is an increased need for developing applications quickly, efficiently, and securely. Our platform, Crowdcontrol, enables companies to seamlessly implement bug bounty programs into their SDLC by integrating with their everyday tools, such as Slack, to ensure organizations release secure software fast.
Bugcrowd is excited to announce our June 2017 Hall of Fame winners!
At the top, mongo is in our first place spot again :), with Web_Plus following closely behind in second and ahmedehane rounding out our top three! To thank our top performers for their hard work, Bugcrowd is pleased to announce that all three researchers have received bonuses for their performance in the month of June.
- mongo - 844 points - $2,500 bonus
- Web_Plus - 813 points - $1,500 bonus
- ahmedehane - 602 points - $1,000 bonus
Our 2017 Spring Product Release improves vulnerability management for the enterprise and supports the long-term success of both security teams and researchers.
We are proud to announce the most intuitive and efficient bi-directional JIRA integration for bug bounty programs!