Bugcrowd Blog

Ethical Security Research on SecureDrop

Posted by Jennifer Helsby, SecureDrop on Sep 19, 2017 11:05:00 AM

The SecureDrop engineering team welcomes the contributions of security researchers. SecureDrop is relied on by sources to talk with journalists at dozens of news organizations, many of whom are taking significant risks to bring information to the public eye. We want to do everything we can to make the whistleblowing process as safe for them as possible. Testing by external security researchers is an important part of that process. In order to minimize risk to SecureDrop users throughout the security research process, in this post we will describe how to ethically perform security research on SecureDrop and what constitutes acceptable and unacceptable behavior.

Guest Blog, Program Launches

Dash Elevates its Bug Bounty Program from Private to Public

Posted by Jim Bursch on Sep 6, 2017 6:02:00 AM

We’re excited to announce our bug bounty program is moving from private to public! Dash is opening up its doors to more than 60,000 registered and verified Bugcrowd security experts around the world to detect issues on behalf of Dash and be rewarded in bug bounty payments. That means more vulnerabilities are discovered and fixed, and we’re all more secure as a result.

Guest Blog, Bugcrowd News, Program Launches

Secret Program to Offer Rewards up to $250K

Posted by Casey Ellis on Aug 8, 2017 9:00:00 AM

At Bugcrowd, we’ve long said that managed bug bounty programs allow organizations of any size or stage of security maturity to realize the benefits of a bug bounty program. This is why we’ve provided managed programs from day one and why I’m especially excited by today’s news. Today we are recruiting for a Secret customer program with a top reward of $250K.

Bugcrowd News, Program Launches, Researcher Resources

Dash Launches Bug Bounty Program with Bugcrowd

Posted by Jim Bursch on Aug 7, 2017 10:35:00 AM

This week, the Dash Bug Bounty program launched privately on the Bugcrowd platform, which means selected Bugcrowd researchers have been invited to study the Dash Core software for the purpose of identifying bugs and vulnerabilities.

For the first couple of weeks the program will run privately, and then it will be opened to the public so that any white-hat hacker or security researcher can participate in the bug bounty program, and strengthen Dash's overall security.

Initially, the range of bounties is set at $100-$10,000 but by the time the program goes public, cyber security experts may earn as much as $15,000 for identifying significant bugs. Thanks to the funding provided by Dash Masternode Operators (MNOs) through the Dash Budget system, Dash will have one of the best funded bug bounty programs in the cryptocurrency industry, run by the leading company in the space.

In addition to the Dash Core software, other applications will be added to the bug bounty program after consultation with the Core Team. For example, the CoPay wallet may be added after launch, as well as Dash Evolution.

The Dash Bug Bounty program is a DashIncubator project managed by Jim Bursch. The program is coordinated with the Dash Core Team through Holger Schinzel, who leads quality assurance. We greatly look forward to our partnership with Bugcrowd, and providing our users with a safer, more secure network.

Program Launches

Bromium Launches Private Bug Bounty Program

Posted by Gavin Hill on Aug 1, 2017 11:52:10 AM

For too long, security has been an inhibitor for end users. In fact, in our recent survey, we found that 94% of security professionals are more concerned about getting work done than about security. Security should not limit the business, it should enable it.

Program Launches

Why We’re Letting 60,000 Bugcrowd Security Researchers Ethically Hack Us

Posted by Matthew Hart on Jul 12, 2017 9:04:47 AM

At Atlassian, security is baked into the product development lifecycle. We employ an entire team of security engineers who build threat models, review code, and test our systems. Building and maintaining products that keep our customers safe is a team effort.

Guest Blog, Program Launches

Centrify’s Bug Bounty Program with Bugcrowd

Posted by Raun Nohavitza on Jun 7, 2017 3:35:50 PM

It’s an exciting time to be in information security. Black hats are attacking more web sites, constructing more 0-day threats and phishing more credentials and payment data. The proliferation of smart IoT devices and new technologies creates opportunities for malicious activities. Nation State actors and the vulnerabilities they exploit are gaining visibility.

Program Launches

Intercom launches public bug bounty; offers up to $1,500 per vulnerability

Posted by Bugcrowd on Feb 16, 2017 6:15:00 AM

Intercom, the customer messaging platform, launched its public bug bounty program today. The goal: to implement a secure development lifecycle and protect customer data. Intercom believes that the program is one of the best ways to address and stay on top of the latest cybersecurity challenges.

Program Launches

DigitalOcean launches public bug bounty with Bugcrowd

Posted by Bugcrowd on Feb 15, 2017 2:14:34 PM

Today, DigitalOcean launched its public bug bounty program. Building on the success of its private program, the public program allows DigitalOcean to focus internal resources on the demands of keeping the cloud secure, while letting researchers do what they do best. DigitalOcean now has access to Bugcrowd’s full crowd of researchers for an even wider breadth of skill sets to find vulnerabilities faster.

Program Launches

NETGEAR®, Inc. Launches Public Bug Bounty Program

Posted by Bugcrowd on Jan 9, 2017 7:10:09 PM

We're excited to share that NETGEAR®, Inc. has launched a public bug bounty program with us to help them stay in front of the latest threats and improve the security of the company's products. 

Program Launches