Bugcrowd Blog

David Baker

CSO

Recent Posts

The Uber breach: Extortion does not equal bug bounty

Posted by David Baker on Nov 27, 2017 11:17:19 AM

The bug bounty market is growing quickly. While an increasing number of organizations are embracing the concept, there still remains some confusion and ambiguity around paying hackers for vulnerabilities. Events like the recently disclosed Uber breach illustrate this confusion. I’ll take this opportunity to clarify and define this rapidly evolving market.

Interesting

How Understanding Researcher Motivations Can Help You Run a Successful Bug Bounty Program

Posted by David Baker on Nov 21, 2017 11:45:00 AM

Last week, we released our second annual Inside the Mind of a Hacker 2.0 report. We dove into different hacker profiles, their motivations for hacking, and the impact building a relationship makes on a successful bug bounty program. We found lots of interesting stats on our bug hunting community, both expected and surprising.

Interesting, Research and Reports

Why You Can’t Ignore the Economics of a Bug Bounty

Posted by David Baker on Jul 14, 2017 11:48:06 AM

It’s common knowledge that the security industry has been facing a massive shortage of resources. Add the fact that companies are accelerating their cloud presence and growing API ecosystems of their own, and it is no surprise that CISOs are up-leveling their security strategy by adding bug bounty programs to their toolbox.

Interesting, Running Your Own Program, Research and Reports

Webinar Recap: How Three Security Vendors Approach Security

Posted by David Baker on Mar 30, 2017 5:11:08 PM

This week I spoke with three security gurus - Dave Farrow, Senior Director Information Security, Barracuda; Alvaro Hoyos, Chief Information Security Officer at OneLogin; and Gene Meltser, Security Architect, Sophos - about their current application security challenges and how they overcome them.

Running Your Own Program

Evaluating the business impact of software vulnerabilities

Posted by David Baker on Mar 22, 2017 9:00:00 AM

Google recently announced that the company has raised its top reward for remote code execution bugs in its Google, Blogger and YouTube domains by 50 percent, saying "Because high-severity vulnerabilities have become harder to identify over the years, researchers have needed more time to find them. We want to demonstrate our appreciation for the significant time researchers dedicate to our program."

Interesting

Beginning my Bugcrowd journey

Posted by David Baker on Feb 7, 2017 6:00:00 AM

Today, as I embark on a new journey with Bugcrowd, I reflect on the most common question I have heard: “why leave Okta?” It’s a good question. I am honored to have served as the Chief Security Officer at Okta, building a world-class security program for a truly innovative company. Moreover, the ride at Okta was meteoric and I know they will continue on their path to world domination. But now, it’s time for disruption. To be more specific, the opportunity to completely change the information security industry. That is where Bugcrowd is going – and that train is leaving the station with me on it.
