Earlier this month, the National Institute of Standard and Technology’s (NIST) cybersecurity framework released a revision (1.1, Draft 2) of its Framework for Improving Critical Infrastructure Cybersecurity. The new release now includes vulnerability disclosure processes as part of the Framework Core (on page 43).
If you’re reading this article, statistically speaking your organization might be getting hacked. Data breaches of U.S. government networks, once novel, have become pervasive over the past year. Take it from the Office of Personnel Management (OPM) or the IRS – no one is safe anymore. In private sector, the Equifax hack and Intel’s processor vulnerabilities have hit mainstream media by storm. The question needs to be asked: are we doing enough to protect our nation’s assets against malicious attacks?
My career has taken me on an incredible journey. From being a commissioned officer in the Navy and serving in Operations Enduring and Iraqi Freedom, to Apple to the Pentagon, I’ve spent the better part of my life following and homing in on my passion. That’s what brings me here, to Bugcrowd.
At the end of 2017 we asked our researcher community what changes they predicted for the bug bounty space in the year to come.
Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, Google’s Project Zero has provided exploits that work against real software.
Bugcrowd is pleased to recognize our December 2017 Hall of Fame winners!
Bugcrowd has done it again! Today we announced an innovative enhancement to Crowdcontrol–introducing Traffic Control, a proprietary feature built to deliver a solution for secure crowdsourced security testing.
2017 was a year for the books. The Equifax breach, the third Yahoo! breach, the Uber breach -- today nearly every American has been impacted by the loss of personally identifiable information (PII) data. And the threat continues to rise.
In the last installment of The Personalities that Put the “Crowd” in Bugcrowd (Part 2 of 3), I discussed the “Full-Timer” and “Virtuoso” personality types as part of the five distinct personalities that make up our crowd of nearly 70,000 security researchers. As stated previously, it's important to understand researcher motivations if you intend to run a successful bug bounty program. And to that end, I will be covering the final personality type in this post: the “Protector”. If you want to learn more about all five personalities - along with other interesting data and metrics about our crowd - check out our Inside the Mind of a Hacker 2.0 report. With that - let’s dive in!