Black Hat USA, DEFCON, and BSides Las Vegas are coming up soon, and we have a lot planned for both the Crowd and our customers. There are many announcements to follow, but this is one that can't wait.
If you haven't already gotten an invitation, submit a valid, original P1 or P2 vulnerability in any Bugcrowd customer target between June 1 and July 31, and in addition to the bounty reward you earn from the customer, you're in for the Bugcrowd VIP party too. Don't have a Bugcrowd researcher account? Create one. It's easy.
No time to find and submit a bug by the end of July but you're going to be at BSides/Black Hat/DEFCON? We would love to meet up while in Las Vegas at one of the many other Crowd events we're planning. Let us know you're going to be there at the Bugcrowd Forum!
Fine print: One invitation per person, may not be transferred, no +1's. You are responsible for your own travel to the party venue. No, you cannot create your own self-managed bounty program and submit bugs to yourself that you then validate as P1.
P1 – CRITICAL
Vulnerabilities that cause a privilege escalation on the platform from unprivileged to admin, or allow remote code execution, financial theft, etc. Examples: Remote Code Execution, Vertical Authentication bypass, SSRF, XXE, SQL Injection, User authentication bypass
P2 – HIGH
Vulnerabilities that affect the security of the platform including the processes it supports. Examples: Lateral authentication bypass, Stored XSS, some CSRF depending on impact
P3 – MEDIUM
Vulnerabilities that affect multiple users, and require little or no user interaction to trigger. Examples: Reflective XSS, Direct object reference, URL Redirect, some CSRF depending on impact
P4 – LOW
Issues that affect singular users and require interaction or significant prerequisites (MitM) to trigger. Examples: Common flaws, Debug information, Mixed Content