NIST: Vulnerability Disclosure as a Requirement for Every Organization

Earlier this month, the National Institute of Standards and Technology (NIST) released a revision (1.1, Draft 2) of its Framework for Improving Critical Infrastructure Cybersecurity. The new release now includes vulnerability disclosure processes as part of the Framework Core (on page 43). This revision contains an important addition, the result of an industry effort. Last

By Cybersecurity News, Vulnerability Disclosure
Why More Government Agencies Need Bug Bounty and Vulnerability Disclosure Programs

If you’re reading this article, statistically speaking your organization might be getting hacked. Data breaches of U.S. government networks, once novel, have become pervasive over the past year. Take it from the Office of Personnel Management (OPM) or the IRS – no one is safe anymore. In the private sector, the Equifax hack and Intel’s processor vulnerabilities have taken mainstream media by storm. The

By Bug Bounty Management, Cybersecurity News, Vulnerability Disclosure
Spectre & Meltdown: Quick Fact Sheet

Several recently published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, Google’s Project Zero has provided exploits that work against real

By Cybersecurity News
December 2017 Hall of Fame

Bugcrowd is pleased to recognize our December 2017 Hall of Fame winners! Closing out the year strong, todayisnew takes first place! Coming in solid at second place is S4thi5h, and rounding out the top three is mongo in 3rd place. Congratulations to our December winners! To thank our top performers, Bugcrowd is pleased to award bonuses. todayisnew – 654 points – $2,500 bonus S4thi5h –

By Winner's Circle
New Feature: Traffic Control Provides Unprecedented Coverage and Control for Crowdsourced Security Testing

Bugcrowd has done it again! Today we announced an innovative enhancement to Crowdcontrol–introducing Traffic Control, a proprietary feature built to deliver a solution for secure crowdsourced security testing. Crowdsourced security testing has proven to be a cost-effective solution for uncovering security risks for organizations–augmenting their SDL by addressing the shortage of security resources in the industry. Yet with

By Product Updates
3 Reasons Bugcrowd Researchers Keep Coming Back

2017 was a year for the books. The Equifax breach, the third Yahoo! breach, the Uber breach — today nearly every American has been impacted by the loss of personally identifiable information (PII) data. And the threat continues to rise. Companies, healthcare systems, governmental and educational entities have started to realize how real the threat is but resources are

By Company Resources, Program Management