Bugcrowd Blog

Case Study: Twilio's Bug Bounty Program Over the Years

Posted by Payton O'Neal on Jan 17, 2017 6:37:00 AM

After two and a half years of running an outstanding bug bounty program with Bugcrowd, we’d like to shine a spotlight on one of our most engaged customers–Twilio.

Case Study

Thick Client Promotion: Final Winners & Program Extension

Posted by Chloe Brown on Jan 16, 2017 9:56:48 AM

Throughout October, November and December 2016, we challenged our crowd to submit bugs against some challenging targets–thick client applications. Previously we announced our October and November winners and today we’re excited to announce our final two winners:

Researcher Resources

Ongoing coverage of wide-scale ransom attack in progress: How to protect Internet-facing data stores

Posted by Casey Ellis on Jan 15, 2017 12:35:38 PM

[Update] Active attacks now include: MongoDB, Elasticsearch and Hadoop.

Two weeks ago the Internet was hit with the first in what has become a frightening trend of ransom attacks. This first attack affected fewer than 200 MongoDB installations and for the most part flew under the radar given the meager sum requested by the attacker (0.2 Bitcoins). However, this attack marked a significant shift in the ransom attack model, and just two weeks later we’re seeing a major escalation of this model and its impact.

Product Update: Streamline Your Workflow with Custom Fields

Posted by Travis Andrade on Jan 13, 2017 11:00:00 AM

Crowdcontrol’s vulnerability management platform now features the capability for customers to add customized fields that improve workflow experience. Customers can add up to five customized fields to a program’s submission form.

Customized fields allow customers to align the bug bounty management process with their application security and development workflows. For example, add a field to assign specific teams to submissions or to help communicate which version of the application the vulnerability affects.

Product Updates

Top 2017 AppSec Challenges and Investment Areas

Posted by Payton O'Neal on Jan 11, 2017 12:37:37 PM

At the close of 2016, we surveyed 100 CISOs and decision makers to get a sense of their 2017 security priorities. The full report will be released at a later date. In the meantime, you can learn more about a few of the top application security focus areas and challenges in this post.

NETGEAR®, Inc. Launches Public Bug Bounty Program

Posted by Bugcrowd on Jan 9, 2017 7:10:09 PM

We're excited to share that NETGEAR®, Inc. has launched a public bug bounty program with us to help them stay in front of the latest threats and improve the security of the company's products. 

New Program Announcements

Product Update: Role-Based Access Update

Posted by Travis Andrade on Jan 6, 2017 1:00:00 PM

Bugcrowd is happy to announce a new update to Crowdcontrol’s user permissions that now provides customers a much more customizable experience. A company may now segment their team members’ roles to specific programs. 

Product Updates

A Hacker at CES

Posted by Jason Haddix on Jan 5, 2017 3:05:00 PM

Today is the first day of another Consumer Electronics Show–CES. Launched 50 years ago, the show has been the place to see the latest gadgets, but over the last several years the scope of the show has grown. From cars to drones to personal fitness devices, the show once named for the consumer “electronics” it showcased now features all things consumer technology.

Case Study: The ROI of Okta's Bug Bounty Program

Posted by Payton O'Neal on Jan 5, 2017 11:21:42 AM

A few months ago we celebrated the launch of Okta's public bug bounty program after having run a private program for years. Today, we're taking a closer look at how their bug bounty program has influenced their application security program.

Case Study

December 2016 Hall of Fame!

Posted by Kaila Pollart on Jan 4, 2017 2:26:16 PM

Bugcrowd is excited to announce our December 2016 Hall of Fame winners! 

Researcher Resources