In 2010, Barracuda Networks was one of the first organizations to launch a formal bug bounty program. Since then, Barracuda has paved the way for other organizations to launch programs in order to collaborate with the independent research community and improve their overall product security programs.
Bugcrowd bug bounty programs launched by security vendors have tripled over the past two years and represent the fifth largest industry on the Bugcrowd platform.
After two and a half years of running an outstanding bug bounty program with Bugcrowd, we’d like to shine a spotlight on one of our most engaged customers–Twilio.
A few months ago we celebrated the launch of Okta's public bug bounty program after having run a private program for years. Today, we're taking a closer look at how their bug bounty program has influenced their application security program.
Posted originally by Stuart Hirst on Skyscanner's Code Voyager Blog
Skyscanner has a culture of innovation and continuous improvement. For our IT security function, the ‘Security Squad’, it is no different. External security testing had previously taken the form of standard penetration testing, which brought considerable value and helped improve security posture. However, our Squad wanted to look at new ways of testing the products that we help secure on a daily basis. In early 2015, we began to investigate the possibility of a crowd-sourced testing mechanism.
Since 2011, Instructure has proactively publicized the results of their annual penetration test reports to provide transparency around the security of their learning management system. From 2011 to 2013, these pen tests discovered an average of 7.6 valid vulnerabilities each year.