Bugcrowd Blog

Casey Ellis

Founder and CEO of Bugcrowd

Recent Posts

Another Milestone in the Evolution of Bugcrowd

Posted by Casey Ellis on Jun 16, 2017 2:14:00 PM

As a founder there is nothing better than watching the company I started grow and evolve. In the four and a half years I’ve watched Bugcrowd grow by leaps and bounds - the team has grown threefold in the past year alone. While our guiding principles, core values, and vision of the future of cybersecurity remain unchanged, today we have evolved as an organization. To use a much-used term from the early aughts, we are now very much Bugcrowd 2.0, and I’m proud to announce a brand-new website that reflects just that. 

Bugcrowd News

A Look Inside: Bug Bounties vs. Penetration Testing

Posted by Casey Ellis on Apr 19, 2017 1:01:19 PM

Can bug bounty programs replace penetration tests?

This question has come up a lot in the past several months and today we released a guide that begins to answer it.

Running Your Own Program, Research and Reports

Ongoing coverage of wide-scale ransom attack in progress: How to protect Internet-facing data stores

Posted by Casey Ellis on Jan 15, 2017 12:35:38 PM

[Update] Active attacks now include: MongoDB, Elasticsearch and Hadoop.

Two weeks ago the Internet was hit with the first in what has become a frightening trend of ransom attacks. This first attack affected fewer than 200 MongoDB installations and for the most part flew under the radar given the meager sum requested by the attacker (0.2 Bitcoins). However, this attack marked a significant shift in the ransom attack model, and just two weeks later we’re seeing a major escalation of this model and its impact.


4 Years of Bugcrowd's Bug Bounty: Evolution and Learnings

Posted by Casey Ellis on Nov 21, 2016 3:26:55 PM

Here at Bugcrowd we take our own advice. Four years ago yesterday we launched Bugcrowd's first bounty program to uncover vulnerabilities in our own applications and web assets.

Bugcrowd News

Okta Launches Public Bug Bounty Program with Bugcrowd

Posted by Casey Ellis on Nov 16, 2016 6:00:00 AM

Today we are pleased to announce that after running an extensive private program with Bugcrowd, Okta is launching its first public bug bounty program.

Program Launches

Bug Bounty Model Celebrates 21st Birthday!

Posted by Casey Ellis on Oct 20, 2016 10:15:00 AM

Bug bounties are legal! Twenty-one years ago, Netscape launched the world’s very first bug bounty program. 'Netscape Bugs Bounty' was launched on the beta versions of Netscape Navigator 2.0 software, and awarded cash prizes and SWAG, depending on bug severity. (Sounds pretty familiar, eh?)

The program set the foundation for the bug bounty model–without their even knowing it–and we were curious about that day 21 years ago. We had the opportunity to get straight to the source in a Q&A with Jeff Treuhaft, who was one of the key people behind the Netscape bug bounty program as Netscape’s Product Director. Read on to learn more about why Netscape launched a bug bounty program, what came of it, and where Jeff thinks the model is going.

Interesting

Bug Bounty: Part of This Complete Breakfast

Posted by Casey Ellis on Oct 4, 2016 4:40:45 PM

In the past several months, bug bounties have gained popularity in the press and have been adopted with increasing velocity by enterprise organizations. Along with this popularity, the bug bounty model has also received some criticism, and various actors within the industry have raised some very good questions. In keeping with our commitment to transparency, honesty, and education, we thought it was as good a time as any to discuss two specific areas that have cropped up in the past several months, quality and impact, through examining some misconceptions about bug bounties.


Fiat Chrysler - The First Full-Line Automaker to Launch a Paid Public Bug Bounty Program

Posted by Casey Ellis on Jul 13, 2016 6:56:39 AM

2015 was the year the public perception of automobile safety changed forever… Chris Valasek and Charlie Miller’s notorious Jeep Cherokee hack transformed the idea of the humble automobile into a 2-tonne computer that can be hacked just like any other. In recent years, automakers are realising that hackers just like Charlie and Chris are already at the table, ready and willing to help, and are leveraging the work coming out of this community to make their products safer from cyber threats.

We are excited to announce that Fiat Chrysler Automobiles is joining the ranks of those pioneering this relationship, by becoming one of the first automakers to launch a bug bounty program.

Bugcrowd News

Bugcrowd's 2nd Annual State of Bug Bounty Report - A Note from the CEO

Posted by Casey Ellis on Jun 8, 2016 8:45:37 AM

Bugcrowd has always held education and sharing as a core value, which is why I’m very pleased to announce the release of our second annual State of Bug Bounty Report.

This 22-page document gives the reader an up-close and personal look at the evolving dynamics of the bug bounty market, and deeper insight into the early stages of the “unlikely romance” blossoming between hackers and organizations.

Bugcrowd News, Research and Reports

$15M to Connect Hackers and Companies… Why, and What’s Next?

Posted by Casey Ellis on Apr 20, 2016 1:30:00 PM

Today is a great day for hackers, defenders, Bugcrowd as a company, and for Aussie founders with a dream to execute on the world stage. We’re very proud to have Blackbird Ventures, the same firm that pioneered the Startmate incubator where Bugcrowd began, taking the lead on our $15M Series B alongside existing investors Rally, Costanoa and Paladin. We’re just as pleased to welcome Salesforce Ventures and Industry Ventures to the family.  

Bugcrowd News