Keep track of the latest security news and stay in touch with the bounty community.

Lifecycle of a Bug Report – Ongoing vs. Flex

At Bugcrowd, customers can test their applications and products on an ongoing basis (Bugcrowd Ongoing Programs) or in short, time-boxed engagements (Bugcrowd Flex Programs). Some customers only run ongoing programs, while some prefer flex programs, and many run both at the same time! In each model, the process by which bugs are reported, triaged, and rewarded varies slightly. For …

3 Years, 20,000 Security Researchers, and Nearly 200 Clients Later…

2012 was the year that almost every industry (banking, education, government, big tech and even security) was hacked. Many, if not all, of these companies were doing “all” they could to protect themselves against these hacks, and yet they were still left vulnerable. In direct response to this, 2012 was also the year we built …

August 2015 Hall of Fame

It is time for the August 2015 Hall of Fame, our first month running with the new kudos points award model. Big recognition goes to harie_cool, who has topped the monthly leaderboard 2 months straight due to his solid string of P1 and P2 submissions.

August 2015 Researcher Newsletter

Phew, August sure has been a busy month at Bugcrowd! This month we’ve launched a new researcher reputation system and a new app for customers, increased reward amounts for some of our top bounties, launched several new invite-only programs, and did this all while recovering from the fun and excitement of Black Hat, DEFCON & …

Let the Mobile Hacking Begin: Dropbox Announces Public Program on Mobile Apps

After a successful Flex Bug Bounty with Bugcrowd, Dropbox is kicking off their ongoing public bounty program. While Bugcrowd is widely known for our programs on web applications, our private IoT and mobile bounties are quietly delivering great results to customers… In just two weeks of testing on Dropbox’s defined targets during May, the program …

Researcher interviews from DEFCON 23

At DEFCON 23 this year we interviewed a few members of the Bugcrowd Researcher community, getting their impressions of DEFCON and gathering some tips & tricks for bug bounty hunters.

Summer 2015 Product Release

We are excited to announce that our Summer 2015 Release is here! A lot of hard work has been put into our product over the last few months and we are pretty excited about the impact it is already making with our customers. This release only includes changes for the customer/company side of the product. …

How We Measure Crowd Performance

Have you ever wondered how we measure Crowd performance? The first measure you probably think of is a researcher’s Rank, which is based on Kudos points.

Vulnerability Prioritization at Bugcrowd

The only way for a security team to effectively manage risk is vulnerability prioritization and management. There are many different prioritization models used across the industry that are based on vulnerability risk and impact. Without a clear prioritization model, how do you know what to fix first? Highest CVSS Score? FIFO? LIFO? Externally known issues? Whatever your prioritization …

July 2015 Hall of Fame

It is time for the July 2015 Hall of Fame, and this month we had an unusual situation. We ran an internal project for our Application Security Engineers, and jhaddix crushed it. But the performance bonus program is for the Crowd, not employees. As a result, in July we are awarding the 1st, 2nd, and 4th …