Bugcrowd Blog

October 2017 Hall of Fame

Posted by Kaila Pollart on Nov 1, 2017 12:23:59 PM

Bugcrowd is pleased to recognize our October 2017 Hall of Fame winners!

Car Hacking in the Cloud (for Cheap) at DEF CON, Part 2

Posted by Daniel Trauner on Oct 30, 2017 10:00:00 AM

Last month, we wrote an introductory overview of our experience running the second annual Car Hacking Village CTF infrastructure at DEF CON 25. Most notably, our use of Zappa to deploy Flask-based CTFd on AWS Lambda and API Gateway resulted in a $1.50 bill for the entire month of July (excluding database instances), while providing a number of operational advantages over last year’s traditional infrastructure.

Bugcrowd News, events, CTF

Bugcrowd Integration Now Available in Qualys Web Application Scanning

Posted by Dave Ferguson on Oct 18, 2017 8:53:33 AM

The new version of Qualys Web Application Scanning, WAS 5.7, adds an integration with Bugcrowd for centralized viewing and triaging of both WAS automated vulnerability detections and vulnerabilities submitted by Bugcrowd’s approved security researchers.

Guest Blog, Bugcrowd News

Consistency is Key: Aligning Bugcrowd’s VRT with CVSS

Posted by Travis Andrade on Oct 10, 2017 10:00:00 AM

We are proud to announce the newest Crowdcontrol update, which now maps the open standard Vulnerability Rating Taxonomy (VRT) to the Common Vulnerability Scoring System (CVSS) v3, allowing organizations to manage submission severity with CVSS v3!

Product Updates

September 2017 Hall of Fame

Posted by Chloe Brown on Oct 9, 2017 10:00:00 AM

Bugcrowd is pleased to recognize our September 2017 Hall of Fame winners!

What We Can Learn from NETGEAR's Approach to Security

Posted by Ashish Gupta on Oct 6, 2017 9:00:00 AM

Earlier this week, Threatpost reported NETGEAR had fixed 50 vulnerabilities in its routers, switches, and NAS devices -- many of which were reported via the company’s bug bounty program,

Program Updates

Introducing the Bugcrowd Researcher Advisory Council

Posted by Chloe Brown on Oct 5, 2017 8:00:00 AM

In celebration of its upcoming one-year anniversary, we are thrilled to formally announce the Bugcrowd Researcher Council. Begun as a pilot program in November of 2016, Bugcrowd's Researcher Success Team identified 5 Researchers to invite to a special kind of pilot feedback program; since then, the program has grown 200% and the Council members have given their valuable feedback on a variety of implemented improvements, including the Researcher Dashboard and the current ongoing improvements to tokenized search.

Cut Through The Noise; The Value of a Disclosure Program

Posted by Travis Andrade on Sep 27, 2017 10:00:00 AM

In talking with our customers, and particularly larger customers, we often hear of the need to establish an open, public, and passive channel for vulnerability disclosure from their users, customers, and the broader security community. These customers aren’t always ready for a public bug bounty but they may already have an existing security@ email address. They often have an existing security page and want the ability to accept disclosures directly from their website.

Product Updates

Bugcrowd - Correcting the Math for Customers in their Cybersecurity Equation

Posted by Ashish Gupta on Sep 22, 2017 10:00:00 AM

First and foremost, I want to thank everyone for such a warm welcome to Bugcrowd. I am thrilled to be joining a brilliant team as the new CEO and proud to be a part of something that will not only make an impact on organizations, but also on each of us as citizens of today’s digital world. I have watched closely as Bugcrowd pioneered the space for crowdsourced cybersecurity and security testing, winning the hearts and minds of hundreds of customers and tens of thousands of security researchers around the world, through the leadership of Casey Ellis. I’m thrilled to join the team and help steer the ship through this next phase of growth.

Interesting, Bugcrowd News

Ethical Security Research on SecureDrop

Posted by Jennifer Helsby, SecureDrop on Sep 19, 2017 11:05:00 AM

The SecureDrop engineering team welcomes the contributions of security researchers. SecureDrop is relied on by sources to talk with journalists at dozens of news organizations, many of whom are taking significant risks to bring information to the public eye. We want to do everything we can to make the whistleblowing process as safe for them as possible. Testing by external security researchers is an important part of that process. In order to minimize risk to SecureDrop users throughout the security research process, in this post we will describe how to ethically perform security research on SecureDrop and what constitutes acceptable and unacceptable behavior.

Guest Blog, Program Launches