3 Reasons Bugcrowd Researchers Keep Coming Back

2017 was a year for the books. The Equifax breach, the third Yahoo! breach, the Uber breach — today nearly every American has been impacted by the loss of personally identifiable information (PII) data. And the threat continues to rise. Companies, healthcare systems, governmental and educational entities have started to realize how real the threat is but resources are

By Company ResourcesProgram Management
The Personalities That Put the “Crowd” in Bugcrowd (Part 3 of 3)

In the last installment of The Personalities that Put the “Crowd” in Bugcrowd (Part 2 of 3), I discussed the “Full-Timer” and “Virtuoso” personality types as part of the five distinct personalities that make up our crowd of nearly 70,000 security researchers. As stated previously, it’s important to understand researcher motivations if you intend to run a successful

By Company ResourcesProgram Management
The Personalities That Put the “Crowd” in Bugcrowd (Part 2 of 3)

Previously, in The Personalities that Put the “Crowd” in Bugcrowd (Part 1 of 3), I covered both the “Knowledge-Seeker” and “Hobbyist” personality types as part of the five distinct personalities that make up our crowd of over 65,000 security researchers. In order for companies to run successful bug bounty programs, it’s important to understand researcher motivations – and

By Company ResourcesProgram Management
Leveraging Policy and a Purpose-built Platform to Steer the Ship in SecOps

Crowdsourced security testing and vulnerability disclosure programs require the right combination of policy, resources, and support to be successful. Bugcrowd’s leading platform and team bring years of experience facilitating success with whiteglove management of these programs. From the policy design, launch, and submission management our Operations team is a close partner of our talented researcher

By Program Management
Why a DIY Bug Bounty is a Bad Idea

The management of vulnerability reports can be painfully time-consuming. Organizations hardly have the time or resources to triage and validate incoming vulnerability findings from outside researchers. We recognized the need to ease this pain in 2012 and since then, have provided our customers with full-scale bug bounty support and services, of which include expert technical

By Company ResourcesProgram Management