Bugcrowd Blog

Vuln Disclosure: Why Security Vendors & Researchers Don’t Trust Each Other - Dark Reading Summary + Video

Posted by Kymberlee Price on Mar 23, 2016 10:21:22 AM
 
This article originally appeared on 3/22/2016 at 10:45 AM as a Commentary on Dark Reading.
 
I’ve heard all the common complaints from both researchers and organizations regarding the existing disclosure policies written over the last 15 years. There are valid arguments - “It doesn’t fit my business model” and “I don’t trust the other party” - which signal to me that, for now, the security ecosystem is too complex for any single policy to be both supported and followed by the majority of vendors and researchers. It’s about more than just the disclosure policies. It’s about addressing the historical distrust and hostility between these two parties, and the damage that years of miscommunication and misunderstandings have created.
Guest Blog, Running Your Own Program

Guest Blog: Indeed's Bug Bounty Goals, Learnings and Successes

Posted by Payton O'Neal on Mar 18, 2016 1:51:53 PM

This post is an excerpt from "A Bounty of Security," originally posted by Gregory Caswell on the Indeed Engineering Blog.

Guest Blog

Guest Post: Hunting the “Automated Pentesting” Unicorn

Posted by Sam Houston on Feb 25, 2016 2:18:29 PM
At Bugcrowd we are firm believers in the value of human creativity and in researchers' ability to discover new and complex techniques to compromise the security of their target. Yesterday Ryan Broadfoot published a blog on Medium that dives into the complexities of a penetration test and the inherent strengths of security researchers in tackling these issues. We've published Ryan's blog below, and we encourage you to visit Ryan's website and follow him @norsec0de on Twitter.
Guest Blog

Advice From A Researcher: How To Approach A Target

Posted by Katrina Rodzon on Jul 14, 2015 1:00:11 AM

Editor's Note: Today I’d like to introduce you to Bugcrowd member Anshuman Bhartiya (anshuman_bh). As an information security professional as well as a bug bounty researcher, Anshuman has helped improve the security of many organizations. He has submitted several P1 and P2 bugs, leading to his high standing within the programs he is involved in. As an active member of our Bugcrowd forum he also contributes to the bug bounty researcher community. This blog is from one of his responses on the forum, which he has allowed us to post here. We are thrilled to share his thoughts and experience on how to successfully approach a target. Thanks!

Guest Blog, Bug Hunter Tips and Tricks

How I Got Into Security: Duarte Silva

Posted by Katrina Rodzon on Jul 8, 2015 1:00:50 AM

Editor's Note: Bugcrowd community researcher Duarte Silva shares the story behind how he started working in information security. Duarte is one of Bugcrowd's top researchers; you can follow him on Twitter at @serializingme.

Guest Blog, Bug Hunter Tips and Tricks

Advice From A Researcher: Hunting XXE For Fun and Profit

Posted by Bugcrowd on Jul 3, 2015 2:00:07 AM

About the Author: Ben Sadeghipour has been participating in bug bounty programs since February of 2014. After his first few bugs, he came to realize that bug bounties are a great way to learn more about web application security, as well as to make some extra money while studying computer science at school. Currently Ben is an intern at Bugcrowd and continues to do bug bounty research. You can see more of his work on nahamsec.com.

Guest Blog, Bug Hunter Tips and Tricks

Advice From A Researcher: Protecting Your Dev Environments

Posted by Katrina Rodzon on Jun 24, 2015 2:00:00 AM

Today I’d like to introduce you to Bugcrowd member Ciaran McNally (maK0). As a freelance security consultant as well as an entrepreneur, Ciaran has helped improve the security of many organizations. We are honored to share his thoughts and experience on how organizations can increase their overall security. Thanks!

Guest Blog, Bug Hunter Tips and Tricks

The Power of the Crowd: Human Automation for the Last Mile of Security Testing [Tripwire Blog]

Posted by Payton O'Neal on May 1, 2015 6:17:01 AM

This post originally appeared on Tripwire.

Interesting, Guest Blog, Running Your Own Program

Guest Blog: Best Practices for Quality Bug Hunting by SatishB3

Posted by Kymberlee Price on Feb 4, 2015 3:36:17 PM

Today I'd like to introduce you to Bugcrowd member Satish Bommisetty. An author and professional security researcher, Satish has helped improve the application security of dozens of companies by reporting over 170 valid vulnerabilities through Bugcrowd. We are honored to share his thoughts on how bounty hunters can deliver high-quality professional results and create a respectful security research community. These are the things that help form a researcher's positive reputation among peers as well as with customers.

Guest Blog, Conferences, Bug Hunter Tips and Tricks

Guest Blog: Validating Bugs to Improve Success by Archita

Posted by Kymberlee Price on Feb 4, 2015 4:15:48 AM

Bugcrowd is a proud sponsor of Nullcon 2015, which is less than a week away! While we are putting the finishing touches on our Bug Bash event, we want to introduce you to another of our outstanding Crowd members in India who will be on the ground helping all the Nullcon Bug Bash participants have a great experience.

Guest Blog, Conferences, Bug Hunter Tips and Tricks