Since I started Bugcrowd, the one constant has been continual amazement at the pace of growth of the crowdsourced security movement we initiated back in 2012.
Our 2017 Spring Product Release improves vulnerability management for the enterprise and supports the long-term success of both security teams and researchers.
Bugcrowd’s vision is to deliver a radical cybersecurity advantage. In addition to providing the best platform and tools to allow the top security researchers on the planet to find vulnerabilities on our customer’s applications, networks, and devices (IoT), we know that the key to our vision and making the Internet a safer place is EDUCATION EDUCATION EDUCATION!
As a founder there is nothing better than watching the company I started grow and evolve. In the four and a half years I’ve watched Bugcrowd grow by leaps and bounds - the team has grown threefold in the past year alone. While our guiding principles, core values, and vision of the future of cybersecurity remain unchanged, today we have evolved as an organization. To use a much-used term from the early aughts, we are now very much Bugcrowd 2.0, and I’m proud to announce a brand-new website that reflects just that.
This post original ran on the (ISC)² blog on June 1, 2017:
Since 2013, (ISC)² has been a partner of Bugcrowd, running a public bug bounty program and offering CPE credits to our members. Bugcrowd is a leading provider of crowdsourced security and bug bounty programs, connecting organizations with more than 50,000 independent security researchers to identify vulnerabilities. As an (ISC)² member, you can participate in Bugcrowd’s bug bounty programs in exchange for CPE credits.
We encourage you to participate in this program to continue honing your security skills, and to apply those skills to help inspire a safe and secure cyber world.
- Sign up as a Bugcrowd researcher at bugcrowd.com
- Find a bug in one of Bugcrowd’s bug bounty programs, including the (ISC)² Bug Bounty Program
- Earn up to 5 CPE credits for each valid bug found, depending on the severity of the vulnerability
- Enter your ISC2 # into your Bugcrowd Researcher profile settings, so that Bugcrowd can submit your contributions at the end of the month.
Members who participate in the program can earn as many as 15 CPE credits each year. As a security-centric organization, Bugcrowd values and encourages independent security research, even on their own products. Their bug bounty program helps them connect with the research community, and provides their organization with constant security feedback.
Keep your skills sharp and keep our site – and others – secure with the bug bounty program.
The management of vulnerability reports can be painfully time-consuming. Organizations hardly have the time or resources to triage and validate incoming vulnerability findings from outside researchers. We recognized the need to ease this pain in 2012 and since then, have provided our customers with full-scale bug bounty support and services, of which include expert technical review and escalation of valid vulnerability submissions. In addition, our teams provide the facilitation of researcher communications crucial for detailed reports, deeper context, and high engagement.
It’s an exciting time to be in information security. Black hats are attacking more web sites, constructing more 0-day threats and phishing more credentials and payment data. The proliferation of smart IoT devices and new technologies create opportunities for malicious activities. Nation State actors and the vulnerabilities they exploit are gaining visibility.
We recently attended a very topical event hosted by Costanoa Ventures focused on helping more women get a #seatatthetable at technology firms. Martina Lauchengco, Operating Partner at Costanoa moderated the panel for the full house of attendees which featured female leaders from leading companies like Uber, Linkedin, SurveyMonkey and Nextdoor.