Bugcrowd Blog

Recent Posts

[Guest Blog] EARN CPES WITH BUG BOUNTY

Posted by Bugcrowd on Jun 14, 2017 8:25:34 AM

This post originally ran on the (ISC)² blog on June 1, 2017:

Since 2013, (ISC)² has been a partner of Bugcrowd, running a public bug bounty program and offering CPE credits to our members. Bugcrowd is a leading provider of crowdsourced security and bug bounty programs, connecting organizations with more than 50,000 independent security researchers to identify vulnerabilities. As an (ISC)² member, you can participate in Bugcrowd’s bug bounty programs in exchange for CPE credits.

We encourage you to participate in this program to continue honing your security skills, and to apply those skills to help inspire a safe and secure cyber world.  

To participate:

  1. Sign up as a Bugcrowd researcher at bugcrowd.com
  2. Find a bug in one of Bugcrowd’s bug bounty programs, including the (ISC)² Bug Bounty Program
  3. Earn up to 5 CPE credits for each valid bug found, depending on the severity of the vulnerability
  4. Enter your (ISC)² member number in your submission form, so that Bugcrowd can submit your contributions at the end of the month

Members who participate in the program can earn as many as 15 CPE credits each year. As a security-centric organization, Bugcrowd values and encourages independent security research, even on their own products. Their bug bounty program helps them connect with the research community, and provides their organization with constant security feedback.

Keep your skills sharp and keep our site – and others – secure with the bug bounty program.

Learn more about the Bugcrowd and (ISC)² partnership

Read More
Researcher Resources

[Guest Blog] Calling all bug hunters: Sophos teams up with Bugcrowd

Posted by Bugcrowd on Apr 26, 2017 12:07:28 PM

This post originally appeared on the Sophos Blog.

Adversarial relationships between vendors and security researchers used to be common. Researchers would report a bug and the vendor – not all but certainly more than a few – would drag its feet in patching the problem. Then, the researcher would make the findings public and the vendor would criticize them for releasing information attackers could exploit.

Read More

[Guest Blog] Bugcrowd’s Buggy Awards: Fitbit Takes Two!

Posted by Bugcrowd on Mar 16, 2017 12:13:04 PM

Appeared originally on the Fitbit Engineering Blog

Read More
Guest Blog

Intercom launches public bug bounty; offers up to $1,500 per vulnerability

Posted by Bugcrowd on Feb 16, 2017 6:15:00 AM

Intercom, the customer messaging platform, launched its public bug bounty program today. The goal: to implement a secure development lifecycle and protect customer data. Intercom believes that the program is one of the best ways to address and stay on top of the latest cybersecurity challenges.

Read More
Program Launches

DigitalOcean launches public bug bounty with Bugcrowd

Posted by Bugcrowd on Feb 15, 2017 2:14:34 PM

Today, DigitalOcean launched its public bug bounty program. Building on the success of its private program, the public program allows DigitalOcean to focus internal resources on the demands of keeping the cloud secure, while letting researchers do what they do best. DigitalOcean now has access to Bugcrowd’s full crowd of researchers for an even wider breadth of skill sets to find vulnerabilities faster.

Read More
Program Launches

NETGEAR®, Inc. Launches Public Bug Bounty Program

Posted by Bugcrowd on Jan 9, 2017 7:10:09 PM

We're excited to share that NETGEAR®, Inc. has launched a public bug bounty program with us to help them stay in front of the latest threats and improve the security of the company's products. 

Read More
Program Launches

Advice From A Researcher: Hunting XXE For Fun and Profit

Posted by Bugcrowd on Jul 3, 2015 2:00:07 AM

About the Author: Ben Sadeghipour has been participating in bug bounty programs since February of 2014. After his first few bugs, he came to realize that bug bounties are a great way to learn more about web application security as well as make some extra money while going to school as a computer science major. Currently Ben is an intern at Bugcrowd and continues to do bug bounty research. You can see more of his work on nahamsec.com.

Read More
Guest Blog, Bug Hunter Tips and Tricks

Instructure launches Private Bug Bounty Program

Posted by Bugcrowd on Feb 5, 2015 3:58:54 AM

Instructure has leveled up its security practices yet again - we're now proud to announce the launch of their private bug bounty program.

Read More
Bugcrowd News, Running Your Own Program

Increasing pen test results by 8x: The Instructure Story

Posted by Bugcrowd on Feb 5, 2015 3:04:00 AM

Since 2011, Instructure has proactively publicized the results of their annual penetration test reports to provide transparency around the security of their learning management system. From 2011 to 2013, these pen tests discovered an average of 7.6 valid vulnerabilities each year.

Read More
Running Your Own Program, Case Studies

The Barracuda Bug Bounty Story

Posted by Bugcrowd on Dec 17, 2014 1:11:48 AM

Barracuda has been a pioneer in helping shape the bug bounty ecosystem that exists today. Since 2010, the IT security leader has been running its own bug bounty program on its networking and security appliance and VM products.

Read More
Running Your Own Program, Program Launches