Bugcrowd Blog

NIST: Vulnerability Disclosure as a Requirement for Every Organization

Posted by Jonathan Cran on Jan 18, 2018 12:11:38 PM

Earlier this month, the National Institute of Standard and Technology’s (NIST) cybersecurity framework released a revision (1.1, Draft 2) of its Framework for Improving Critical Infrastructure Cybersecurity. The new release now includes vulnerability disclosure processes as part of the Framework Core (on page 43).

Read More
Thought leadership, Cybersecurity News

Why more government agencies should run Bug Bounties and VDP

Posted by Michael Chung on Jan 11, 2018 8:06:00 AM

If you’re reading this article, statistically speaking your organization might be getting hacked. Data breaches of U.S. government networks, once novel, have become pervasive over the past year. Take it from the Office of Personnel Management (OPM) or the IRS – no one is safe anymore. In private sector, the Equifax hack and Intel’s processor vulnerabilities have hit mainstream media by storm. The question needs to be asked: are we doing enough to protect our nation’s assets against malicious attacks?

Read More
Interesting, Thought leadership, Federal

Bugcrowd: The next frontier of cybersecurity

Posted by Michael Chung on Jan 9, 2018 9:01:00 AM

My career has taken me on an incredible journey. From being a commissioned officer in the Navy and serving in Operations Enduring and Iraqi Freedom, to Apple to the Pentagon, I’ve spent the better part of my life following and homing in on my passion. That’s what brings me here, to Bugcrowd.

Read More
Interesting, Bugcrowd News, Federal

2018 Predictions: It Takes a Crowd

Posted by Sam Houston on Jan 5, 2018 9:43:00 AM

At the end of 2017 we asked our researcher community what changes they predicted for the bug bounty space in the year to come.

Read More
Thought leadership

Spectre & Meltdown: Quick Fact Sheet

Posted by Jonathan Cran on Jan 4, 2018 3:10:30 PM
Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, Google’s Project Zero has provided exploits that work against real software.
Read More
Interesting, Thought leadership

December 2017 Hall of Fame

Posted by Kaila Pollart on Jan 4, 2018 9:07:00 AM

Bugcrowd is pleased to recognize our December 2017 Hall of Fame winners!

Read More
Researcher Resources

New Feature: Traffic Control Provides Unprecedented Coverage and Control for Crowdsourced Security Testing

Posted by Travis Andrade on Dec 19, 2017 10:30:00 AM

Bugcrowd has done it again! Today we announced an innovative enhancement to Crowdcontrol–introducing Traffic Control, a proprietary feature built to deliver a solution for secure crowdsourced security testing.

Read More
Product Updates

3 Reasons Bugcrowd Researchers Keep Coming Back

Posted by Ryan Black on Dec 18, 2017 9:17:09 AM

2017 was a year for the books. The Equifax breach, the third Yahoo! breach, the Uber breach -- today nearly every American has been impacted by the loss of personally identifiable information (PII) data. And the threat continues to rise.

Read More
Interesting, Research and Reports, Thought leadership

The Personalities That Put the “Crowd” in Bugcrowd (Part 3 of 3)

Posted by Keith Hoodlet on Dec 14, 2017 8:16:00 AM

In the last installment of The Personalities that Put the “Crowd” in Bugcrowd (Part 2 of 3), I discussed the “Full-Timer” and “Virtuoso” personality types as part of the five distinct personalities that make up our crowd of nearly 70,000 security researchers. As stated previously, it's important to understand researcher motivations if you intend to run a successful bug bounty program. And to that end, I will be covering the final personality type in this post: the “Protector”. If you want to learn more about all five personalities - along with other interesting data and metrics about our crowd - check out our Inside the Mind of a Hacker 2.0 report. With that - let’s dive in!

Read More
Interesting, Research and Reports, Thought leadership

November 2017 Hall of Fame

Posted by Chloe Brown on Dec 8, 2017 7:14:00 AM

Bugcrowd is pleased to recognize our November 2017 Hall of Fame winners!

Read More
Bugcrowd News, Researcher Resources