Bugcrowd Blog

Car Hacking in the Cloud (for Cheap) at DEF CON

Posted by Daniel Trauner on Sep 1, 2017 10:00:00 AM

Each summer, members of the security community convene in Las Vegas for a week of talks, networking, and other activities at a series of conferences. At DEF CON specifically, a number of organizations host Capture the Flag (CTF) hacking competitions in which contestants either compete against each other, trying to access other teams' infrastructure while defending their own ("Attack with Defense"), or race to rack up the most points before the contest ends by answering standalone questions ("Jeopardy style").

Interesting, Conferences, Running Your Own Program, events

3,2,1… BSidesLV, Black Hat and DEF CON 2017 Wrap Up

Posted by Casey Ellis on Aug 7, 2017 1:30:00 PM

BSidesLV, Black Hat and DEF CON week is “that time of year” in the security industry, when hackers, suits, feds and anyone else interested in our craft descend on Las Vegas. The goal? To teach, demonstrate, learn, connect, and enjoy the company of fellow members of the village.

Conferences, events

It Really Does Take A Crowd; LevelUp Recap

Posted by Sam Houston on Jul 21, 2017 3:36:20 PM

In the past year we’ve seen the Bugcrowd community more than double to more than 60,000 researchers, up from 26,782 at the beginning of 2016. With this growth comes the increasing responsibility to educate and foster the professional growth that our researchers seek every day.

Conferences, Researcher Resources, Research and Reports

Leveling up your Bug Bounty Program: Indeed Speaking at LASCON 2016

Posted by Payton O'Neal on Nov 1, 2016 3:59:23 PM

This year, one of our favorite customers will be speaking at one of our favorite conferences where they will discuss why they implemented a bug bounty program, and how the results and learnings have influenced their internal security culture and testing processes.

Conferences, Running Your Own Program

Bug Bounties: Risk and Reward

Posted by Payton O'Neal on Oct 13, 2016 3:24:03 PM

Today our CEO, Casey Ellis, and founder and attorney at Cipher Law, James Denaro, stepped on stage at AppSecUSA 2016 to talk about the logistics and legalities of bug bounties. They talked through some of the most common concerns people have about bug bounties and discussed ways both to address those concerns and to implement liability controls.


2016 Black Hat, DEFCON, BSides Wrap Up

Posted by Sam Houston on Aug 9, 2016 4:41:24 PM

Now that we've rested our feet, drunk some water, and adjusted from the Las Vegas time warp, we thought we'd give a brief recap of our week. In the six days we spent boots down in Vegas, we caught some great talks with some of our favorite people, threw, sponsored and attended awesome events, and as always, met amazing folks from the InfoSec community.


"Writing Vulnerability Reports that Maximize Your Bounty Payouts" + My Trip to Nullcon

Posted by Kymberlee Price on Apr 1, 2016 1:14:37 PM

This March I had the opportunity to travel to India and speak at the Nullcon security conference as part of the first Bounty Craft Track - 1.5 days devoted entirely to the art of bug bounty hunting with researchers and members of the security teams from Bugcrowd, Microsoft, Google, Facebook, and Mozilla. This was a great opportunity for vendors and researchers to engage in interactive conversations, and to share techniques and war stories. And it was awesome to meet dozens of our Crowd members in person, including two of our 2016 Buggy Award winners, Harie_cool and Vishnu_Vardhan_Reddy!


Conferences, Bug Hunter Tips and Tricks

Nullcon 2016 "Bounty Craft" Track Schedule March 10-11

Posted by Kymberlee Price on Mar 10, 2016 12:05:46 AM

Bugcrowd is excited to partner with Microsoft, Facebook, Google, and Mozilla at Nullcon 2016 for the first ever "Bounty Craft" Track - 1.5 days devoted entirely to the art of bug bounty hunting.

With the explosive growth of the security research community in India, Nullcon provides a great opportunity for vendors and researchers to engage in interactive conversations, and to share techniques and war stories. If you're attending Nullcon, we hope you'll join us tonight and tomorrow!


Bugcrowd's RSAC 2016 by the Numbers

Posted by Payton O'Neal on Mar 8, 2016 5:33:28 PM

72,000 Steps

Now that we’ve had a moment to settle from the chaos that was the 25th Annual RSA Conference on our home turf, we'd like to take a moment to jot down some thoughts and give you a look at our highlights - by the numbers. We'll start with the average 72,000 steps "we" took from Monday to Friday, strutting our Bugcrowd gear around Moscone, meeting with incredible people, and generally getting amongst the action.

On the U.S. Government and Bug Bounties

Posted by Casey Ellis on Mar 2, 2016 2:07:02 PM

My favorite thing about going to conferences is establishing the underlying trends behind the questions I’m asked. We’re only half-way through RSAC/BSides week, and already the dominant question is clear:

When is the government going to start a bug bounty program?

Here’s my answer:

The government has no choice but to adopt a crowdsourced model for vulnerability discovery; it’s more a question of when will the pain of staying the same exceed the pain of change.

Interesting, Conferences