Bugcrowd Blog

[Webinar Recap] 3 Reasons to Swap Your Next Penetration Test for a Bug Bounty

Posted by Payton O'Neal on May 5, 2017 3:28:05 PM

Last Friday we took part in an SC Magazine webinar that examines the differences between penetration testing and bug bounties. Jason Haddix, former HP Fortify Pen Test Lead and now Head of Trust and Security at Bugcrowd, spoke with Wade Billings, VP of Technology Services at Instructure, the company behind learning management system Canvas

Jet Increases Rewards on Mobile

Posted by Abby Mulligan on May 4, 2017 6:00:00 AM

Jet.com takes security seriously. One of the first major retailers to launch a bug bounty program more than two years ago, Jet.com began with a private bug bounty program, harnessing a small, curated group of Bugcrowd researchers before launching its public program to the full crowd just four months later.

Program Updates

April 2017 Hall of Fame!

Posted by Kaila Pollart on May 3, 2017 4:02:09 PM

Bugcrowd is excited to announce our April 2017 Hall of Fame winners! 


Thick Client Promotion: Q1 Final Winners

Posted by Chloe Brown on May 2, 2017 10:03:28 AM

For the last two quarters, we've challenged our crowd to report vulnerabilities against the toughest targets our programs have to offer: thick client applications. Bounties that fall into this category include Avira (client software), AVG Technologies (client-side application), OWASP ZAP (desktop application) and several private programs.

Learn more about the promotion here

Researcher Resources

[Guest Blog] Calling all bug hunters: Sophos teams up with Bugcrowd

Posted by Bugcrowd on Apr 26, 2017 12:07:28 PM

This post originally appeared on the Sophos Blog here.


Adversarial relationships between vendors and security researchers used to be common. Researchers would report a bug and the vendor – not all but certainly more than a few – would drag its feet in patching the problem. Then, the researcher would make the findings public and the vendor would criticize them for releasing information attackers could exploit.


Illustrated Guide to Bug Bounties Step #3: Learnings

Posted by Payton O'Neal on Apr 25, 2017 8:03:41 AM

The bug bounty lifecycle is a very fluid process, from strategic planning and program launch to learning from and iterating your program. Get the illustrated guide below:

Running Your Own Program

Payday is Moving to Wednesday!

Posted by Kaila Pollart on Apr 24, 2017 10:30:06 AM

Fridays have long been a day to look forward to for Bugcrowd researchers; now researchers can look forward to getting paid on Wednesdays! 🐫

Researcher Resources

Product Update: Vulnerability Management Made Easy with the Most Intuitive and Efficient Bi-Directional JIRA Integration

Posted by Travis Andrade on Apr 20, 2017 12:00:00 PM

We are proud to announce the most intuitive and efficient bi-directional JIRA integration for bug bounty programs!

Product Updates

A Look Inside: Bug Bounties vs. Penetration Testing

Posted by Casey Ellis on Apr 19, 2017 1:01:19 PM

Can bug bounty programs replace penetration tests?

This question has come up a lot in the past several months and today we released a guide that begins to answer it.

Running Your Own Program, Research and Reports

Illustrated Guide to Bug Bounties Step #2: Launching

Posted by Payton O'Neal on Apr 18, 2017 10:09:32 AM

The bug bounty lifecycle is a very fluid process, from strategic planning to program launch to learning from and iterating your program. Get the illustrated guide below:
