Bugcrowd Blog

Product Update: Alternative Payout Option Payoneer Added

Posted by Travis Andrade on Dec 9, 2016 1:30:00 PM

We're excited to announce today that Crowdcontrol now offers a more streamlined process to sign up for an alternative payout option, Payoneer. We've heard many requests from researchers that they'd like an alternative to PayPal, and we're happy to provide an option for those researchers.

Payoneer provides an alternative means for researchers to receive bounty payments either through a prepaid MasterCard card or a direct bank transfer. Alongside PayPal, Payoneer offers Bugcrowd’s researcher community the opportunity to choose the most convenient method of receiving bounty payments.  

Product Updates

Researcher Spotlight: yeuchimse

Posted by Sam Houston on Dec 8, 2016 11:25:35 AM
We recently chatted with Thanh "yeuchimse" Nguyen because of his success in Twilio's bounty program. Thanh is ranked 132nd on Bugcrowd's all-time Hall of Fame, with a 100% bug acceptance rate and an average priority rating of 2.95 over 43 bugs.

Follow Thanh on Twitter: @yeuchimse
Researcher Profiles

November Hall of Fame!!

Posted by Kaila Pollart on Dec 7, 2016 11:03:25 AM

Bugcrowd is excited to announce our November 2016 Hall of Fame winners! 

Researcher Resources

Bug Bounty Myth #7: Bounty programs are too hard to manage

Posted by Payton O'Neal on Dec 6, 2016 8:45:00 AM

Over the past months, we’ve addressed the bug bounty misconceptions outlined in our recent guide, 7 Bug Bounty Myths, Busted. So far we’ve...

Today we're taking a look at what it really takes to manage a bug bounty program in our last post in this series...


Case Study: Aruba's Private Bug Bounty Program

Posted by Payton O'Neal on Dec 1, 2016 8:01:00 AM
After over two years of running an outstanding bug bounty program with Bugcrowd, we’d like to give some recognition to one of our longest standing and committed customers–Aruba Networks.
Since 2014, Aruba has successfully leveraged Bugcrowd’s most skilled and trusted researchers through a private bug bounty program for their web applications and hardware devices. Download the Aruba Case Study to learn more about their success.


Case Studies

Bug Bounty Myth #6: Bug Bounties are too costly and hard to budget for.

Posted by Payton O'Neal on Nov 29, 2016 10:52:27 AM

In the past several weeks, we’ve been addressing the bug bounty misconceptions in our guide, 7 Bug Bounty Myths, Busted. So far we’ve...

Today we’re talking logistics around budget.


XSS Polyglots - The Context Contest

Posted by Shpend Kurtishaj on Nov 25, 2016 10:25:00 AM

That title is in fact a tongue twister, but it helps to describe this post, which will take a look at XSS polyglot payloads. For the newcomers: dafuq is a polyglot? Now since you’re done with reading the first paragraph of that article, let's dive into XSS vectors with the motto "One payload to rule them all."

Bug Hunter Tips and Tricks

Bug Bounty Myth #5: They don’t yield high value results.

Posted by Payton O'Neal on Nov 23, 2016 10:39:58 AM

Although bug bounties have gained incredible traction over the past year, many people still have questions and misunderstandings about what they are and how they work.

In the past several weeks, we’ve been addressing some of those misconceptions in our guide, 7 Bug Bounty Myths, Busted. So far we’ve...

Today we’re getting down to what it’s all about… the results.

Myth #5: Bug bounties don’t yield high-value results.


4 Years of Bugcrowd's Bug Bounty: Evolution and Learnings

Posted by Casey Ellis on Nov 21, 2016 3:26:55 PM
Here at Bugcrowd we take our own advice. Four years ago yesterday we launched Bugcrowd's first bounty program to uncover vulnerabilities in our own applications and web assets.
Bugcrowd News

Guest Blog: Barracuda Bug Bounty Program Shifts to the Cloud

Posted by Payton O'Neal on Nov 17, 2016 9:36:54 AM

Posted originally on November 14 by Dave Farrow, Senior Director, Information Security at Barracuda Networks.

Guest Blog