Bugcrowd Blog

Leveling up your Bug Bounty Program: Indeed Speaking at LASCON 2016

Posted by Payton O'Neal on Nov 1, 2016 3:59:23 PM

This year, one of our favorite customers will be speaking at one of our favorite conferences where they will discuss why they implemented a bug bounty program, and how the results and learnings have influenced their internal security culture and testing processes.

Conferences, Running Your Own Program

Bug Bounties: Risk and Reward

Posted by Payton O'Neal on Oct 13, 2016 3:24:03 PM

Today our CEO, Casey Ellis, and founder and attorney at Cipher Law, James Denaro, stepped on stage at AppSecUSA 2016 to talk about the logistics and legalities of bug bounties. They talked through some of the most common concerns people have about bug bounties and discussed ways both to address those concerns and to implement liability controls.


2016 Black Hat, DEFCON, BSides Wrap Up

Posted by Sam Houston on Aug 9, 2016 4:41:24 PM

Now that we've rested our feet, drunk some water, and adjusted from the Las Vegas time warp, we thought we'd give a brief recap of our week. In the six days we spent boots down in Vegas, we caught some great talks with some of our favorite people, threw, sponsored and attended awesome events, and as always, met amazing folks from the InfoSec community.


"Writing Vulnerability Reports that Maximize Your Bounty Payouts" + My Trip to Nullcon

Posted by Kymberlee Price on Apr 1, 2016 1:14:37 PM

This March I had the opportunity to travel to India and speak at the Nullcon security conference as part of the first Bounty Craft Track - 1.5 days devoted entirely to the art of bug bounty hunting with researchers and members of the security teams from Bugcrowd, Microsoft, Google, Facebook, and Mozilla. This was a great opportunity for vendors and researchers to engage in interactive conversations, and to share techniques and war stories. And it was awesome to meet dozens of our Crowd members in person, including two of our 2016 Buggy Award winners, Harie_cool and Vishnu_Vardhan_Reddy!


Conferences, Bug Hunter Tips and Tricks

Nullcon 2016 "Bounty Craft" Track Schedule March 10-11

Posted by Kymberlee Price on Mar 10, 2016 12:05:46 AM

Bugcrowd is excited to partner with Microsoft, Facebook, Google, and Mozilla at Nullcon 2016 for the first ever "Bounty Craft" Track - 1.5 days devoted entirely to the art of bug bounty hunting.

With the explosive growth of the security research community in India, Nullcon provides a great opportunity for vendors and researchers to engage in interactive conversations, and to share techniques and war stories. If you're attending Nullcon, we hope you'll join us tonight and tomorrow!


Bugcrowd's RSAC 2016 by the Numbers

Posted by Payton O'Neal on Mar 8, 2016 5:33:28 PM

72,000 Steps

Now that we’ve had a moment to settle from the chaos that was the 25th Annual RSA Conference on our home turf, we'd like to take a moment to jot down some thoughts and give you a look at our highlights - by the numbers. We'll start with the average 72,000 steps "we" took from Monday to Friday, strutting our Bugcrowd gear around Moscone, meeting with incredible people, and generally getting amongst the action.

On the U.S. Government and Bug Bounties

Posted by Casey Ellis on Mar 2, 2016 2:07:02 PM

My favorite thing about going to conferences is establishing the underlying trends behind the questions I’m asked. We’re only half-way through RSAC/BSides week, and already the dominant question is clear:

When is the government going to start a bug bounty program?

Here’s my answer:

The government has no choice but to adopt a crowdsourced model for vulnerability discovery; it’s more a question of when the pain of staying the same will exceed the pain of change.

Interesting, Conferences

Researcher interviews from DEFCON 23

Posted by Sam Houston on Aug 24, 2015 8:03:06 AM

At DEFCON 23 this year we interviewed a few members of the Bugcrowd Researcher community, getting their impressions of DEFCON and gathering some tips & tricks for bug bounty hunters.

Conferences, Researcher Profiles

Bugcrowd's 2015 Guide to Hacker Summer Camp

Posted by Sam Houston on Aug 2, 2015 11:55:02 PM

Welcome to Bugcrowd's 2015 Guide to Hacker Summer Camp, an overview of what we think folks should check out this week in Vegas. Our team is going to be quite busy this week, presenting six times across all three shows, as well as hosting several events throughout the week.


Come to the Bugcrowd AMA Lounge at Defcon!

Posted by Kymberlee Price on Jul 20, 2015 12:13:03 PM

Several weeks ago I blogged about a VIP Crowd party we are holding for researchers at Defcon, and said there would be many announcements to follow...
