Today we aired our 2nd Annual Buggy Awards, which recognized several organizations running bug bounty programs and several bug hunters who have contributed some fantastic research to the bug hunting community.
To find out who won, watch our team present the awards below, and read on to find out what this means for the economy as a whole, as well as what's next for the bug bounty community.
Why do we do these awards?
The awards honor the top bug hunters and companies running bounty programs, two groups that are essential to the success of crowdsourced security testing. But our appreciation goes beyond just that. As the bug bounty space matures, we want to continue encouraging and supporting trust, communication, and collaboration between these two parties.
“At Bugcrowd, we know that the success of our business, and of the crowdsourced security testing space, depends on the hard work of our customers and research community. As such, we are always looking for opportunities to recognize these two groups for the outstanding work they do. The Buggy Awards honor those who have gone above and beyond.” - David Baker, VP of Operations, Bugcrowd
What do they mean for organizations?
Running a bug bounty program is no easy feat. Running a successful bug bounty program is even harder. By listening to the community, recognizing hard work and celebrating milestones in this space, we hope to continue setting standards for how companies can maintain successful bug bounty programs.
The organizations recognized in the Buggy Awards represent the top programs in the bug bounty space that are paving the way not only for the success of future programs, but also for the safety of the Internet as a whole.
"Heroku is deeply committed to making the conversations around vulnerabilities safe. As with any development effort, innovation and iteration work best when communications are open and collaborative. We put trust first, so making it safe to share a finding, and financially worth your time makes our platform, our customers, and the internet a safer place to work and play." - Trey Ford, Head of Trust, Heroku
These honored organizations are also building trust within these relationships and strengthening the community as a whole.
"Thanks again to the Bugcrowd team and to the security community as a whole. We look forward to continuing to work with both in the future. We also hope that we can be an inspiration to other security teams, especially in the wearables and IoT space. Our experience has shown us that including crowdsourced security into our security program isn’t always easy, but it is rewarding." - Marc Bown, Fitbit
What do they mean for the community?
These bug hunters deserve recognition for their hard work, and we hope the community joins us in celebrating their achievements. While these awards only recognize a handful of those who contributed to the success of the bounty space in the past year, we're incredibly excited by the amazing research we've seen from the Bugcrowd community as a whole.
“2016 was a wonderful year! I put a lot of effort into bug hunting in 2016 at Bugcrowd, because Bugcrowd motivated me with their good rewards. I learned a lot about web & mobile security by testing many different applications in the last year. That's awesome and more valuable than anything! I'm honored to be nominated for the Buggy Awards!” - mert
We also hope that by recognizing some of the people that help make the Bugcrowd community so vibrant, more researchers are encouraged to contribute their own insights and perspectives.
"First of all, I'm honored to have been considered for the award. We have an absolutely fantastic bug hunting community and one of the ways we can make it even better is to help out your fellow peers and pay it forward. If anyone ever has any questions that I might be able to help out with, feel free to reach out. If I don't know the answer right away, I'll definitely try to point you in the right direction." - Justin Kennedy
The celebration and recognition of our top contributors doesn't end here. At Bugcrowd we're constantly recognizing the hard work being done in the community through monthly leaderboard bonuses, quarterly promos, guest blog posts, and general resources to support the bug bounty space.