Bugcrowd Blog

Thoughts on our Third Annual State of Bug Bounty Report

Posted by Casey Ellis on Jun 30, 2017 12:01:10 PM

Since I started Bugcrowd, the one constant has been continual amazement at the pace of growth of the crowdsourced security movement we initiated back in 2012.

Bugcrowd News

Bugcrowd’s Spring Release Ensures the Long-Term Success of Bug Bounty Programs

Posted by Travis Andrade on Jun 22, 2017 1:08:35 PM

Our 2017 Spring Product Release improves vulnerability management for the enterprise and supports the long-term success of both security teams and researchers.

Product Updates


Posted by Ingrum Putz on Jun 21, 2017 9:08:45 AM

Bugcrowd’s vision is to deliver a radical cybersecurity advantage. In addition to providing the best platform and tools to allow the top security researchers on the planet to find vulnerabilities on our customers’ applications, networks, and devices (IoT), we know that the key to our vision and making the Internet a safer place is EDUCATION EDUCATION EDUCATION!


Another Milestone in the Evolution of Bugcrowd

Posted by Casey Ellis on Jun 16, 2017 2:14:00 PM

As a founder there is nothing better than watching the company I started grow and evolve. In the four and a half years I’ve watched Bugcrowd grow by leaps and bounds - the team has grown threefold in the past year alone. While our guiding principles, core values, and vision of the future of cybersecurity remain unchanged, today we have evolved as an organization. To use a much-used term from the early aughts, we are now very much Bugcrowd 2.0, and I’m proud to announce a brand-new website that reflects just that. 

Bugcrowd News


Posted by Bugcrowd on Jun 14, 2017 8:25:34 AM

This post originally ran on the (ISC)² blog on June 1, 2017:

Since 2013, (ISC)² has been a partner of Bugcrowd, running a public bug bounty program and offering CPE credits to our members. Bugcrowd is a leading provider of crowdsourced security and bug bounty programs, connecting organizations with more than 50,000 independent security researchers to identify vulnerabilities. As an (ISC)² member, you can participate in Bugcrowd’s bug bounty programs in exchange for CPE credits.

We encourage you to participate in this program to continue honing your security skills, and to apply those skills to help inspire a safe and secure cyber world.  

To participate,

  1. Sign up as a Bugcrowd researcher at bugcrowd.com
  2. Find a bug in one of Bugcrowd’s bug bounty programs, including the (ISC)² Bug Bounty Program
  3. Earn up to 5 CPE credits for each valid bug found, depending on the severity of the vulnerability
  4. Enter your ISC2 # into your Bugcrowd Researcher profile settings, so that Bugcrowd can submit your contributions at the end of the month.

Members who participate in the program can earn as many as 15 CPE credits each year. As a security-centric organization, Bugcrowd values and encourages independent security research, even on their own products. Their bug bounty program helps them connect with the research community, and provides their organization with constant security feedback.

Keep your skills sharp and keep our site – and others – secure with the bug bounty program.

Learn more about the Bugcrowd and (ISC)² partnership



Researcher Resources

May 2017 Hall of Fame!!

Posted by Kaila Pollart on Jun 9, 2017 2:24:52 PM

Bugcrowd is excited to announce our May 2017 Hall of Fame winners! 


Why a DIY Bug Bounty is a Bad Idea

Posted by Ryan Black on Jun 8, 2017 1:05:10 PM

The management of vulnerability reports can be painfully time-consuming. Organizations hardly have the time or resources to triage and validate incoming vulnerability findings from outside researchers. We recognized the need to ease this pain in 2012 and, since then, have provided our customers with full-scale bug bounty support and services, which include expert technical review and escalation of valid vulnerability submissions. In addition, our teams provide the facilitation of researcher communications crucial for detailed reports, deeper context, and high engagement.


Centrify’s Bug Bounty Program with Bugcrowd

Posted by Raun Nohavitza on Jun 7, 2017 3:35:50 PM

It’s an exciting time to be in information security. Black hats are attacking more web sites, constructing more 0-day threats and phishing more credentials and payment data. The proliferation of smart IoT devices and new technologies creates opportunities for malicious activities. Nation State actors and the vulnerabilities they exploit are gaining visibility.

Program Launches

Bug Bounties vs. Penetration Testing: Misconception #2

Posted by Travis Andrade on May 31, 2017 4:40:24 PM
Misconception: With a bug bounty, you cannot receive the coverage or same caliber of testing methodologies as penetration tests. 

Some perspective on “a seat at the table”

Posted by Lisa Walsh on May 23, 2017 9:00:00 AM

We recently attended a very topical event hosted by Costanoa Ventures focused on helping more women get a #seatatthetable at technology firms. Martina Lauchengco, Operating Partner at Costanoa, moderated the panel for the full house of attendees, which featured female leaders from leading companies like Uber, LinkedIn, SurveyMonkey and Nextdoor.
