First and foremost, I want to thank everyone for such a warm welcome to Bugcrowd. I am thrilled to be joining a brilliant team as the new CEO and proud to be a part of something that will not only make an impact on organizations, but also on each of us as citizens of today’s digital world. I have watched closely as Bugcrowd pioneered the space for crowdsourced cybersecurity and security testing, winning the hearts and minds of hundreds of customers and tens of thousands of security researchers around the world, through the leadership of Casey Ellis. I’m thrilled to join the team and help steer the ship through this next phase of growth.
Each summer, members of the security community convene in Las Vegas for a week of talks, networking, and other activities at a series of conferences. At DEF CON specifically, a number of organizations host Capture the Flag (CTF) hacking competitions in which contestants either compete against each other trying to access other teams' infrastructure while defending their own ("Attack with Defense"), or by racing to rack up the most points before the contest ends with answering
It’s common knowledge that the security industry has been facing a massive shortage of resources. Add the fact that companies are accelerating their cloud presence and growing an API ecosystem of their own. CISOs are up-leveling their security strategy by adding bug bounty programs to their toolbox.
Bugcrowd’s vision is to deliver a radical cybersecurity advantage. In addition to providing the best platform and tools to allow the top security researchers on the planet to find vulnerabilities on our customer’s applications, networks, and devices (IoT), we know that the key to our vision and making the Internet a safer place is EDUCATION EDUCATION EDUCATION!
Google recently announced that the company has raised its top reward for remote code execution bugs in its Google, Blogger and YouTube domains by 50 percent, saying "Because high-severity vulnerabilities have become harder to identify over the years, researchers have needed more time to find them. We want to demonstrate our appreciation for the significant time researchers dedicate to our program."
The new year is a great time to reflect on the past year and set new goals for the year ahead. To help the Bugcrowd community achieve success in 2017, we've outlined a few New Year's resolutions for bug hunters and bug bounty program managers. Have other resolutions? We want to hear what they are! Tweet us.
In the past month, we’ve been addressing some commonly held misconceptions about the bug bounty model, outlined in our guide, 7 Bug Bounty Myths, Busted. So far we’ve discussed the misconception that bug bounties are all public, examined the types of companies engaging with the bug bounty model, and debunked the perception some have that bug bounties are too risky. This week, we’re talking about the folks that make this economy go ‘round...
Myth #4: Bug bounties don’t attract talented testers.
Anyone who has been involved with a bug bounty program knows this isn't true. For those who have not, this post should give you a better idea as to who these people are, and what they're capable of.
Bug bounties are legal! Twenty-one years ago, Netscape launched the world’s very first bug bounty program. 'Netscape Bugs Bounty' was launched on the beta versions of Netscape Navigator 2.0 software, and awarded cash prizes and SWAG, depending on bug severity. (Sounds pretty familiar, eh?)
The program set the foundation for the bug bounty model–without their even knowing it–and we were curious about that day 21 years ago. We had the opportunity to get straight to the source in a Q&A with Jeff Treuhaft, who was one of the key people behind the Netscape bug bounty program as Netscape’s Product Director. Read on to learn more about why Netscape launched a bug bounty program, what came of it, and where Jeff thinks the model is going.
Earlier today we joined Jake Kouns, CISO of Risk Based Security, and Christine Gadsby, Director of Product Security at BlackBerry for a guest webcast. They gave their Black Hat 2016 talk 'OSS Security Maturity: Time to Put on Your Big Boy Pants' which analyzes the real risks of using OSS and the best way to manage its use within your organization.