Bugcrowd Blog

Bugcrowd - Correcting the Math for Customers in their Cybersecurity Equation

Posted by Ashish Gupta on Sep 22, 2017 10:00:00 AM

First and foremost, I want to thank everyone for such a warm welcome to Bugcrowd. I am thrilled to be joining a brilliant team as the new CEO and proud to be a part of something that will not only make an impact on organizations, but also on each of us as citizens of today’s digital world. I have watched closely as Bugcrowd pioneered the space for crowdsourced cybersecurity and security testing, winning the hearts and minds of hundreds of customers and tens of thousands of security researchers around the world, through the leadership of Casey Ellis. I’m thrilled to join the team and help steer the ship through this next phase of growth.

Interesting, Bugcrowd News

Car Hacking in the Cloud (for Cheap) at DEF CON

Posted by Daniel Trauner on Sep 1, 2017 10:00:00 AM

Each summer, members of the security community convene in Las Vegas for a week of talks, networking, and other activities at a series of conferences. At DEF CON specifically, a number of organizations host Capture the Flag (CTF) hacking competitions in which contestants either compete against each other, trying to access other teams' infrastructure while defending their own ("Attack with Defense"), or race to rack up the most points before the contest ends by answering standalone questions ("Jeopardy style").

Interesting, Conferences, Running Your Own Program, events

Why You Can’t Ignore the Economics of a Bug Bounty

Posted by David Baker on Jul 14, 2017 11:48:06 AM

It’s common knowledge that the security industry has been facing a massive shortage of resources. Add the fact that companies are accelerating their cloud presence and growing an API ecosystem of their own. CISOs are up-leveling their security strategy by adding bug bounty programs to their toolbox.  

Interesting, Running Your Own Program, Research and Reports

W0RLD 3C0N0M1C F0RUM L3ARN1NG J0URN3Y

Posted by Ingrum Putz on Jun 21, 2017 9:08:45 AM

Bugcrowd’s vision is to deliver a radical cybersecurity advantage. In addition to providing the best platform and tools to allow the top security researchers on the planet to find vulnerabilities in our customers’ applications, networks, and devices (IoT), we know that the key to our vision and making the Internet a safer place is EDUCATION EDUCATION EDUCATION!

Interesting

Evaluating the business impact of software vulnerabilities

Posted by David Baker on Mar 22, 2017 9:00:00 AM

Google recently announced that the company has raised its top reward for remote code execution bugs in its Google, Blogger and YouTube domains by 50 percent, saying "Because high-severity vulnerabilities have become harder to identify over the years, researchers have needed more time to find them. We want to demonstrate our appreciation for the significant time researchers dedicate to our program."

Interesting

2017 Bug Bounty Resolutions

Posted by Sam Houston on Jan 3, 2017 12:21:59 PM

The new year is a great time to reflect on the past year and set new goals for the year ahead. To help the Bugcrowd community achieve success in 2017, we've outlined a few New Year's resolutions for bug hunters and bug bounty program managers. Have other resolutions? We want to hear what they are! Tweet us.

Interesting

Bug Bounty Myth #4: Bug Bounties Don’t Attract Talented Testers

Posted by Payton O'Neal on Nov 15, 2016 11:00:00 AM

In the past month, we’ve been addressing some commonly held misconceptions about the bug bounty model, outlined in our guide, 7 Bug Bounty Myths, Busted. So far we’ve discussed the misconception that bug bounties are all public, examined the types of companies engaging with the bug bounty model, and debunked the perception some have that bug bounties are too risky. This week, we’re talking about the folks that make this economy go ‘round...

Myth #4: Bug bounties don’t attract talented testers.

Anyone who has been involved with a bug bounty program knows this isn't true. For those who have not, this post should give you a better idea as to who these people are, and what they're capable of.

Interesting

Bug Bounty Model Celebrates 21st Birthday!

Posted by Casey Ellis on Oct 20, 2016 10:15:00 AM

Bug bounties are legal! Twenty-one years ago, Netscape launched the world’s very first bug bounty program. 'Netscape Bugs Bounty' was launched on the beta versions of Netscape Navigator 2.0 software, and awarded cash prizes and SWAG, depending on bug severity. (Sounds pretty familiar, eh?)

The program set the foundation for the bug bounty model–without their even knowing it–and we were curious about that day 21 years ago. We had the opportunity to get straight to the source in a Q&A with Jeff Treuhaft, who was one of the key people behind the Netscape bug bounty program as Netscape’s Product Director. Read on to learn more about why Netscape launched a bug bounty program, what came of it, and where Jeff thinks the model is going.

Interesting

August 2016 Hall of Fame Winners!

Posted by Kaila Pollart on Sep 7, 2016 3:48:45 PM

Bugcrowd is excited to announce our August 2016 Hall of Fame winners! 

Interesting

OSS Security Maturity: Time to Put On Your Big Boy Pants!

Posted by Payton O'Neal on Aug 30, 2016 4:31:45 PM


Earlier today we joined Jake Kouns, CISO of Risk Based Security, and Christine Gadsby, Director of Product Security at BlackBerry for a guest webcast. They gave their Black Hat 2016 talk 'OSS Security Maturity: Time to Put on Your Big Boy Pants' which analyzes the real risks of using OSS and the best way to manage its use within your organization. 

This post is a high-level review of that presentation–you can watch the recording here and download their slides here.

Interesting