Today we are launching Advanced Program Search on the Programs list page, an expansive search feature that allows researchers to more easily surface programs that suit their interests. This feature leverages the tokenized search functionality that we have in other places in the app, such as a researcher’s Submissions page. Using 10+ filter keys, a
Today we released the ESG Research Insights Report, Security Leadership Study – Trends in Application Security, revealing what CISOs are looking to prioritize in the year to come. The report highlights challenges with current application security testing methods, crowdsourced security adoption and benefits, security leadership application security priorities, and DevSecOps adoption within the enterprise.
This blog originally appeared on the Netflix Technology Blog and is authored by Astha Singhal, Netflix Application Security. As Netflix continues to create entertainment people love, the security team continues to keep our members, partners, and employees secure. The security research community has partnered with us to improve the security of the Netflix service for the
This week we’re putting the Spotlight on Justin Gardner, a Bugcrowd Ambassador in Richmond, Virginia. Feel free to follow Justin on Twitter @Rhynorater. Justin was around 12 years old when he first started learning about computers and how to bypass parental controls. By the age of 14, programming to hack had become an interest and
This blog originally appeared on ARK’s Medium blog and is authored by Kristjan Košič. After running our private Bugcrowd security bounty program for testing purposes, we are finally ready to open the program to everyone. Opening up the Bugcrowd program to the public has the potential to put over 100,000 eyes on the ARK core codebase.
Running a successful bug bounty program starts far before the actual program launch date, and is a continuous and iterative process of improving and growing over time. The workflow and lifecycle of a managed bug bounty program can typically be broken down into the following five parts: scoping, implementation, identification of findings, remediation of issues,
In early February, the Swiss government issued a reward for hacking its new electronic voting system. In just one short month, Motherboard has reported that a group of researchers have found a critical flaw in the code that would allow someone to alter votes without detection – talk about the power of the bug bounty!
We are always updating our Vulnerability Rating Taxonomy (VRT), integrating our learnings into each version update. We are thrilled to announce our latest release, VRT 1.7, in response to our community’s ongoing feedback through our open-sourced GitHub repository. Security misconfiguration can stem from a very simple error, but at the same time can lead to
Finding heaps of vulnerabilities isn’t very useful without a way to action them. That’s why Bugcrowd isn’t just focused on finding more vulnerabilities, we’re focused on helping organizations resolve those findings, faster. Today we’re proud to announce the launch of another SDLC integration that further enables seamless handoff between Security and Development. Introducing: ServiceNow for