Bugcrowd Blog

Illustrated Guide to Bug Bounties Step #3: Learnings

Posted by Payton O'Neal on Apr 25, 2017 8:03:41 AM

The bug bounty lifecycle is a very fluid process, from strategic planning and program launch to learning from and iterating your program. Get the illustrated guide below:

Running Your Own Program

A Look Inside: Bug Bounties vs. Penetration Testing

Posted by Casey Ellis on Apr 19, 2017 1:01:19 PM

Can bug bounty programs replace penetration tests?

This question has come up a lot in the past several months and today we released a guide that begins to answer it.

Running Your Own Program, Research and Reports

Webinar Recap: How Three Security Vendors Approach Security

Posted by David Baker on Mar 30, 2017 5:11:08 PM

This week I spoke with three security gurus - Dave Farrow, Senior Director Information Security, Barracuda, Alvaro Hoyos, Chief Information Security Officer at OneLogin, and Gene Meltser, Security Architect, Sophos - about their current application security challenges and how they overcome them.

Running Your Own Program

The Illustrated Guide to Planning, Launching and Iterating Your Bug Bounty Program

Posted by Payton O'Neal on Mar 28, 2017 9:00:00 AM

To run a successful and mutually beneficial bug bounty program, the work starts long before you launch your program and is a continuous learning experience.

Running Your Own Program, Infographics

Providing Access to your Program: Sharing Isn't Caring

Posted by Grant McCracken on Dec 12, 2016 3:37:28 PM

Over the past year, we’ve spent some time diving into many of the different aspects relating to setting up a successful bug bounty program. Previously we've covered step zero, setting your scope, and the importance of focus areas, as well as some considerations to make around setting exclusions and provisioning your testing environment. Additionally, we’ve also taken a brief look at reward guidelines and disclosure policies, and how they can be used to both enhance your program and increase visibility.

Running Your Own Program

Bug Bounty Myth #7: Bounty programs are too hard to manage

Posted by Payton O'Neal on Dec 6, 2016 8:45:00 AM

Over the past months, we’ve addressed the bug bounty misconceptions outlined in our recent guide, 7 Bug Bounty Myths, Busted. So far we’ve...

Today we're taking a look at what it really takes to manage a bug bounty program in our last post in this series...

Running Your Own Program, Research and Reports

Bug Bounty Myth #6: Bug Bounties are too costly and hard to budget for.

Posted by Payton O'Neal on Nov 29, 2016 10:52:27 AM

In the past several weeks, we’ve been addressing the bug bounty misconceptions in our guide, 7 Bug Bounty Myths, Busted. So far we’ve...

Today we’re talking logistics around budget.

Running Your Own Program, Research and Reports

Bug Bounty Myth #5: They don’t yield high value results.

Posted by Payton O'Neal on Nov 23, 2016 10:39:58 AM

Although bug bounties have gained incredible traction over the past year, many people still have questions and misunderstandings about what they are and how they work.

In the past several weeks, we’ve been addressing some of those misconceptions in our guide, 7 Bug Bounty Myths, Busted. So far we’ve...

Today we’re getting down to what it’s all about… the results.

Myth #5: Bug bounties don’t yield high-value results.

Running Your Own Program, Research and Reports

Bug Bounty Myth #3: Running a Bug Bounty Program is Too Risky

Posted by Payton O'Neal on Nov 8, 2016 10:37:20 AM

In our recently released guide, 7 Bug Bounty Myths, Busted, we addressed some common misconceptions about the bug bounty model and bug bounty programs. We're spending some time each week to take a deeper dive into those myths one by one. We started by addressing the misconception that bug bounty programs are all public and open to everyone and last week discussed the types of companies engaging with the bug bounty model. This week, we’re talking about risk...

Running Your Own Program, Research and Reports

Bug Bounty Myth #2: Only Tech Companies Run Bug Bounties

Posted by Payton O'Neal on Nov 2, 2016 2:33:32 PM

In our recently released guide, 7 Bug Bounty Myths, Busted, we addressed some common misconceptions about the bug bounty model and bug bounty programs. We're spending some time each week to take a deeper dive into those myths one by one. Last week we talked about the misconception that bug bounties are all public, and are open to everyone. Today, we're addressing a related misconception regarding the types of companies engaging with the bug bounty model.

Myth #2: Only tech companies run bug bounty programs

By taking a quick look at our public programs page, our customers page, and our ‘List’ page, it’s clear that this isn't true.

Running Your Own Program, Research and Reports