Bugcrowd Blog

Why You Can’t Ignore the Economics of a Bug Bounty

Posted by David Baker on Jul 14, 2017 11:48:06 AM

It’s common knowledge that the security industry has been facing a massive shortage of resources. Add the fact that companies are accelerating their cloud presence and growing an API ecosystem of their own. CISOs are up-leveling their security strategy by adding bug bounty programs to their toolbox.

Interesting, Running Your Own Program, Research and Reports

Illustrated Guide to Bug Bounties Step #3: Learnings

Posted by Payton O'Neal on Apr 25, 2017 8:03:41 AM

The bug bounty lifecycle is a very fluid process, from strategic planning and program launch to learning from and iterating your program. Get the illustrated guide below:

Running Your Own Program

A Look Inside: Bug Bounties vs. Penetration Testing

Posted by Casey Ellis on Apr 19, 2017 1:01:19 PM

Can bug bounty programs replace penetration tests?

This question has come up a lot in the past several months and today we released a guide that begins to answer it.

Running Your Own Program, Research and Reports

Webinar Recap: How Three Security Vendors Approach Security

Posted by David Baker on Mar 30, 2017 5:11:08 PM

This week I spoke with three security gurus - Dave Farrow, Senior Director Information Security, Barracuda, Alvaro Hoyos, Chief Information Security Officer at OneLogin, and Gene Meltser, Security Architect, Sophos - about their current application security challenges and how they overcome them.
Running Your Own Program

The Illustrated Guide to Planning, Launching and Iterating Your Bug Bounty Program

Posted by Payton O'Neal on Mar 28, 2017 9:00:00 AM

To run a successful and mutually beneficial bug bounty program, the work starts long before you launch your program and is a continuous learning experience.

Running Your Own Program, Infographics

Providing Access to your Program: Sharing Isn't Caring

Posted by Grant McCracken on Dec 12, 2016 3:37:28 PM

Over the past year, we’ve spent some time diving into many of the different aspects of setting up a successful bug bounty program. Previously we've covered step zero, setting your scope, and the importance of focus areas, as well as some considerations around setting exclusions and provisioning your testing environment. We’ve also taken a brief look at reward guidelines and disclosure policies, and how they can be used to both enhance your program and increase visibility.

Running Your Own Program

Bug Bounty Myth #7: Bounty programs are too hard to manage

Posted by Payton O'Neal on Dec 6, 2016 8:45:00 AM

Over the past months, we’ve addressed the bug bounty misconceptions outlined in our recent guide, 7 Bug Bounty Myths, Busted. So far we’ve...

Today we're taking a look at what it really takes to manage a bug bounty program in our last post in this series...

Running Your Own Program, Research and Reports

Bug Bounty Myth #6: Bug Bounties are too costly and hard to budget for.

Posted by Payton O'Neal on Nov 29, 2016 10:52:27 AM

In the past several weeks, we’ve been addressing the bug bounty misconceptions in our guide, 7 Bug Bounty Myths, Busted. So far we’ve...

Today we’re talking logistics around budget.

Running Your Own Program, Research and Reports

Bug Bounty Myth #5: They don’t yield high value results.

Posted by Payton O'Neal on Nov 23, 2016 10:39:58 AM

Although bug bounties have gained incredible traction over the past year, many people still have questions and misunderstandings about what they are and how they work.

In the past several weeks, we’ve been addressing some of those misconceptions in our guide, 7 Bug Bounty Myths, Busted. So far we’ve...

Today we’re getting down to what it’s all about… the results.

Myth #5: Bug bounties don’t yield high-value results.

Running Your Own Program, Research and Reports

Bug Bounty Myth #3: Running a Bug Bounty Program is Too Risky

Posted by Payton O'Neal on Nov 8, 2016 10:37:20 AM

In our recently released guide, 7 Bug Bounty Myths, Busted, we addressed some common misconceptions about the bug bounty model and bug bounty programs. We're spending some time each week to take a deeper dive into those myths one by one. We started by addressing the misconception that bug bounty programs are all public and open to everyone, and last week we discussed the types of companies engaging with the bug bounty model. This week, we’re talking about risk...

Running Your Own Program, Research and Reports