Jet.com takes security seriously. One of the first major retailers to launch a bug bounty program more than two years ago, Jet.com began with a private bug bounty program, harnessing a small, curated group of Bugcrowd researchers before launching its public program to the full crowd just four months later.
For the last
Learn more about the promotion here.
This post originally appeared on the Sophos Blog here.
Adversarial relationships between vendors and security researchers used to be common. Researchers would report a bug and the vendor – not all but certainly more than a few – would drag its feet in patching the problem. Then, the researcher would make the findings public and the vendor would criticize them for releasing information attackers could exploit.
The bug bounty lifecycle is a very fluid process, from strategic planning and program launch to learning from and iterating on your program. Get the illustrated guide below:
Fridays have long been a day to look forward to for Bugcrowd researchers; now researchers can look forward to getting paid on Wednesdays! 🐫
We are proud to announce the most intuitive and efficient bi-directional JIRA integration for bug bounty programs!
Can bug bounty programs replace penetration tests?
This question has come up a lot in the past several months and today we released a guide that begins to answer it.
The bug bounty lifecycle is a very fluid process, from strategic planning to program launch to learning from and iterating on your program. Get the illustrated guide below: