We are constantly iterating our Vulnerability Rating Taxonomy (VRT), incorporating our learnings into each version update. We are thrilled about our newest release, VRT 1.4, as we received an abundance of constructive feedback through our open-sourced GitHub repository. The upcoming release of our VRT 1.4 includes: Added new entries that address missing, but commonly reported
Historically, vulnerability management programs have focused exclusively on vulnerabilities from automated tools; however, the success of any vulnerability management program relies on its ability to automatically consolidate vulnerability data and prioritize the remediation of each risk. Vulnerabilities discovered by a community of researchers significantly expand the visibility of an organization’s security risks and should always
We are excited to announce that organizations can now increase the visibility into their program with known issue sharing. Sharing known issues will disclose categories of vulnerabilities, based on Bugcrowd’s Vulnerability Rating Taxonomy (VRT), that have been discovered on a specific target to better direct a researcher’s testing efforts towards low-touch targets and less commonly
Security is Bugcrowd’s top priority. We are continuously exploring new ways to secure our users’ personal information and the vulnerability data that lives in our platform, and securing that data starts with securing how it’s accessed. That’s why, starting today, you can now view and manage all of your active sessions on Crowdcontrol through a
Bugcrowd has done it again! Today we announced an innovative enhancement to Crowdcontrol – introducing Traffic Control, a proprietary feature built to deliver a solution for secure crowdsourced security testing. Crowdsourced security testing has proven to be a cost-effective solution for uncovering security risks for organizations – augmenting their SDL by addressing the shortage of security resources in the industry. Yet with
We are excited to introduce new submission search and filtering capabilities to Crowdcontrol, built to optimize the time you spend finding submissions. Over the last three years, we have seen a steady rise in vulnerability submissions, with a 67% increase in submissions year over year and a 73% increase in valid submissions. What is driving
The new version of Qualys Web Application Scanning, WAS 5.7, adds an integration with Bugcrowd for centralized viewing and triaging of both WAS automated vulnerability detections and vulnerabilities submitted by Bugcrowd’s approved security researchers.
We are proud to announce the newest Crowdcontrol update, which now maps the open standard Vulnerability Rating Taxonomy (VRT) to the Common Vulnerability Scoring System (CVSS) v3, allowing organizations to manage submission severity with CVSS v3!
In talking with our customers, and particularly larger customers, we often hear of the need to establish an open, public, and passive channel for vulnerability disclosure from their users, customers, and the broader security community. These customers aren’t always ready for a public bug bounty but they may already have an existing security@ email address.