Jet.com takes security seriously. One of the first major retailers to launch a bug bounty program more than two years ago, Jet.com began with a private bug bounty program, harnessing a small, curated group of Bugcrowd researchers before launching its public program to the full crowd just four months later.
Today we aired our 2nd Annual Buggy Awards, which recognized several organizations running bug bounty programs and several bug hunters who have contributed some fantastic research to the bug hunting community.
Last week we announced the categories for our 2nd Annual Buggy Awards, which will award a select group of individuals and organizations in the bug bounty space. Today we’re pleased to announce the finalists in these categories in anticipation of the awards ceremony next week.
These finalists represent just a handful of organizations and individuals that make this economy so vibrant and we are thankful to the entire bug bounty community.
We are pleased to announce the categories for this year’s Buggy Awards. These awards represent a select group of individuals and organizations who have done fantastic work in the bug bounty space in the past year.
These awards highlight the achievements of top-performing customers and researchers and serve as a reminder about what is essential to maintaining the health of the community as a whole.
There are many key performance indicators (KPIs) of a successful bug bounty program: some that matter more to program owners, and some that matter more to researchers. At Bugcrowd we aim to align the importance of these KPIs between all involved parties to better articulate what is most helpful and valuable to each.
In this post, we will explore the ever-important metric of response time. This value is a key factor both in maintaining a healthy and successful program and in keeping researchers engaged and involved. Communication, both in swiftness and effectiveness, is key to staying on the same page throughout the vulnerability reporting and review process. Our recent post regarding proper escalation paths when communication falls through is proof of that.
In the past several years, bug bounties have evolved from the open-to-everyone contests they once were, becoming more nuanced with the ability to meet various organizational goals and objectives. While some reasons for starting a bug bounty program may be more obvious than others, there are multiple business goals or drivers that organizations, including your own, may identify when looking into launching a bug bounty program.