How strong should your Master Password be? For World Password Day we’d like to know

This blog first appeared on 1Passwords’ blog, and is written by customer Jeffrey Goldberg, Chief Defender Against the Dark Arts at 1Password.  Just how strong should a 1Password Master Password be? We recommend that Master Passwords be generated using our wordlist generator using passwords that are four words long. This gets you something like “napery turnip speed

By Guest BlogsProgram LaunchesProgram Updates
Evolving Bugcrowd’s Bounty Program

This post is written by Bugcrowd engineers, Paul Friedman and Daniel Trauner. Bugcrowd is the pioneer and innovator of managed bug bounty programs, and nothing makes that more obvious than the success of our own program, which is celebrating its fifth birthday later this year. Since our program’s launch in September 2013, we’ve received over

By Bugcrowd NewsCompany ResourcesProgram Updates
Ethical Security Research on SecureDrop

The SecureDrop engineering team welcomes the contributions of security researchers. SecureDrop is relied on by sources to talk with journalists at dozens of news organizations, many of whom are taking significant risks to bring information to the public eye. We want to do everything we can to make the whistleblowing process as safe for them

By Guest BlogsProgram Updates
Dash Elevates its Bug Bounty Program from Private to Public

We’re excited to announce our bug bounty program is moving from private to public! Dash is opening up its doors to more than 60,000 registered and verified Bugcrowd security experts around the world to detect issues on behalf of Dash and be rewarded in bug bounty payments. That means more vulnerabilities are discovered and fixed,

By Program Updates
Jet Increases Rewards on Mobile

Jet.com takes security seriously. One of the first major retailers to launch a bug bounty program more than two years ago, Jet.com began with a private bug bounty program, harnessing a small, curated group of Bugcrowd researchers before launching its public program to the full crowd just four months later.

By Program Updates
Jet.com Increases Rewards to Match the Market Rate of Security Bugs

At the beginning of this year we released our ‘Defensive Vulnerability Pricing Model’ that answers the question “what’s a bug worth?”. This guide outlines how much organizations should budget for crowdsourced security programs, and what reward ranges attract the right talent. In short, this guide, informed by tens of thousands of vulnerability submissions and years

By Program Updates