According to the Breach Level Index, more than 5 million data records are lost or stolen every day. The vulnerabilities that permeate complex systems can impact both enterprise data and personal data. If exploited, these vulnerabilities can have significant real-world consequences. However, we are starting to see an unprecedented change in the industry as
Happy International Women’s Day! This day is all about celebrating the vast number of social, economic, cultural, technical and political achievements of women throughout history. Innovation, perseverance and respect are core to our mission at Bugcrowd, so we couldn’t let the day go by without highlighting a great woman who has inspired us every step
Next week (March 1), new regulations from the New York State Department of Financial Services (DFS) will take effect, giving financial services firms licensed to operate in New York 180 days to improve their security based on new requirements. The regulations cover a slew of issues ranging from the maintenance of written policies, testing, governance
As we saw in 2017, the number of data breaches and cyber-attacks is not slowing down. What’s more, security leaders are still focused on finding and investing in defensive tools to combat cybercrime. And yet still, adversaries are getting more innovative and outpacing what tools are able to defend. We no longer live in a
Over the past few months, the widespread popularity and adoption of bug bounties and vulnerability disclosure have grabbed headlines. This rapid adoption, paired with recent incidents, has hastened the need to make sure things are defined clearly—specifically, the difference between bug bounty and extortion, a good hack versus a bad one. This has drawn the
The bug bounty market is growing quickly. While an increasing number of organizations are embracing the concept, there still remains some confusion and ambiguity around paying hackers for vulnerabilities. Events like the recently disclosed Uber breach illustrate this confusion. I’ll take this opportunity to clarify and define this rapidly evolving market.
Last week, we released our second annual Inside the Mind of a Hacker 2.0 report. We dove into different hacker profiles, their motivations for hacking, and the impact building a relationship makes on a successful bug bounty program. We found lots of interesting stats on our bug hunting community, both expected and surprising.
It’s common knowledge that the security industry has been facing a massive shortage of resources. Add to that the fact that companies are accelerating their cloud presence and growing an API ecosystem of their own. CISOs are up-leveling their security strategy by adding bug bounty programs to their toolbox.
Since I started Bugcrowd, the one constant has been continual amazement at the pace of growth of the crowdsourced security movement we initiated back in 2012.