Keep track of the latest security news, and in touch with the bounty community.

August 2015 Researcher Newsletter

Phew, August sure has been a busy month at Bugcrowd! This month we’ve launched a new researcher reputation system and a new app for customers, increased reward amounts for some of our top bounties, launched several new invite-only programs, and did this all while recovering from the fun and excitement of Black Hat, DEFCON & …

Let the Mobile Hacking Begin: Dropbox Announces Public Program on Mobile Apps

After a successful Flex Bug Bounty with Bugcrowd, Dropbox is kicking off their ongoing public bounty program. While Bugcrowd is widely known for our programs on web applications, our private IoT and mobile bounties are quietly delivering great results to customers… In just two weeks of testing on Dropbox’s defined targets during May, the program …

Researcher interviews from DEFCON 23

At DEFCON 23 this year we interviewed a few members of the Bugcrowd Researcher community, getting their impressions of DEFCON and gathering some tips & tricks for bug bounty hunters.

Summer 2015 Product Release

We are excited to announce that our Summer 2015 Release is here! A lot of hard work has been put into our product over the last few months and we are pretty excited about the impact it is already making with our customers. This release only includes changes for the customer/company side of the product. …

How We Measure Crowd Performance

Have you ever wondered how we measure Crowd performance? The first measure you probably think of is a researcher’s Rank, which is based on Kudos points.

Vulnerability Prioritization at Bugcrowd

The only way for a security team to effectively manage risk is vulnerability prioritization and management. There are many different prioritization models used across the industry that are based on vulnerability risk and impact. Without a clear prioritization model, how do you know what to fix first? Highest CVSS Score? FIFO? LIFO? Externally known issues? Whatever your prioritization …

July 2015 Hall of Fame

It is time for the July 2015 Hall of Fame, and this month we had an unusual situation. We ran an internal project for our Application Security Engineers, and jhaddix crushed it. But the performance bonus program is for the Crowd, not employees. As a result, in July we are awarding the 1st, 2nd, and 4th …

On Oracle, Mary Ann Davidson, and the dark side of security research

Let me say clearly and upfront: As the founder of a company that manages a community of security researchers, I empathize with Mary Ann Davidson’s frustrations… but I also strongly disagree with her approach. Let me also say: The security research community, both friendly and adversarial, doesn’t have a concept of “No, You Really Can’t” (The …

Bugcrowd’s 2015 Guide to Hacker Summer Camp

Welcome to Bugcrowd’s 2015 Guide to Hacker Summer Camp, an overview of what we think folks should check out this week in Vegas. Our team is going to be quite busy this week, presenting six times across all three shows, as well as hosting several events throughout the week.

Finding An InfoSec Job

A lot of organizations out there are looking for talented hackers right now. Defense, offense, Ops, Dev, you name it, if you have skills then someone is probably looking for you! The problem doesn’t seem to be the *need* but a concise way of finding/getting these positions. Here are a few notes and resources we love …