5 Tips and Tricks for Running a Successful Bug Bounty Program
Bug bounties have continued to grab headlines over the years – as evidenced by the fact that we’ve seen a 40% growth in program launches over the last year alone. As bug bounty programs move towards becoming more of a necessity (as opposed to a nice-to-have), it’s increasingly important to be aware of the nuances
The Ultimate Guide to Managed Bug Bounty
Attack surfaces over the past decade have become more complex than ever, and the overall surface area has ballooned significantly. As our world continues to come online, cybersecurity vulnerabilities become even more apparent. No one thinks—or cares—more about cybersecurity than the security professionals responsible for protecting their enterprise’s applications and data. And their lives get
Enterprise Jira Integrations with Bugcrowd
Over the past several years, I have spoken to hundreds of customers about how to get developers to take action on vulnerabilities. The majority of developers use Jira to track work so typically, security teams piggyback on that process to assign vulnerabilities. When it comes down to the process details, each customer has their own
Why Ethics Matter in Bug Bounties
In 2017 we saw more data breaches, phishing scams, ransomware, state-sponsored attacks than ever before. And while each one was damaging in their own right and continue to shape cybersecurity, one breach in particular stood out: the Uber breach. Not necessarily for the impact or the type of breach, but for what happened afterwards. For
Setting the Bar High for Bug Bounty Triage and Validation
Running a bug bounty program on your own is difficult. Imagine receiving hundreds of vulnerability submissions weekly, many of them unimportant, and many of them duplicates of known vulnerabilities. Once you weed through those submissions, you’ll have to respond if needed, prioritize impact, and determine what it’s worth. Then you’ll have to file a ticket to make
Why More Government Agencies Need Bug Bounty and Vulnerability Disclosure Programs
If you’re reading this article, statistically speaking your organization might be getting hacked. Data breaches of U.S. government networks, once novel, have become pervasive over the past year. Take it from the Office of Personnel Management (OPM) or the IRS – no one is safe anymore. In private sector, the Equifax hack and Intel’s processor vulnerabilities have hit mainstream media by storm. The
How Does a Bug Bounty Fit into my SDLC?
“How does a bug bounty fit into my SDLC?” This is a question we hear all the time. While the obvious answer is that it can augment or replace much of your current manual and automated testing, the actual answer is simpler; “bug bounties fit into and support your SDLC each step of the way.”
4 Common Business Drivers for Launching a Bug Bounty
In the past several years, bug bounties have evolved from the open-to-everyone contests they once were, becoming more nuanced with the ability to meet various organizational goals and objectives. While some reasons for starting a bug bounty program may be more obvious than others, there are multiple business goals or drivers that organizations, including your
We’re regularly asked how Bugcrowd determines if a bug bounty submission is rewardable. Today, as we approach 10,000 submissions, and as part of Bugcrowd’s commitment to transparency, we’re shedding some light on our submission evaluation process. Its important to note up front that Bugcrowd programs differentiate between technical validity and rewardability, in order to maintain
