Today, we’re very happy to announce the launch of Bugcrowd’s 2018 State of Bug Bounty Report! Now in its fourth year, the Bugcrowd State of Bug Bounty Report provides an unparalleled, inside look into the trends across the emerging crowdsourced security market, and for the first time, a deep dive into the most common and
Today, the Office of Management and Budgeting (OMB) released The Federal Cybersecurity Risk Determination Report and Action Plan, mandated by cybersecurity executive order 13800. This report illustrates a high-level review of government cybersecurity risks, identifies actions to improve federal cybersecurity, and acknowledges all parties involved must work together to identify how to implement those actions.
According to the Breach Level Index, more than 5 million data records are lost or stolen every day. The vulnerabilities that permeate complex systems can impact both enterprise data and personal data. If exploited, these vulnerabilities can have significant real-world consequences. However, we are starting to see an unprecedented change in the industry as
Happy International Women’s Day! This day is all about celebrating the vast number of social, economic, cultural, technical and political achievements of women throughout history. Innovation, perseverance and respect are core to our mission at Bugcrowd, so we couldn’t let the day go by without highlighting a great woman who has inspired us every step
Next week (March 1), new regulations from the New York State Department of Financial Services (DFS) will take effect, giving financial services firms licensed to operate in New York 180 days to improve their security based on new requirements. The regulations cover a slew of issues ranging from the maintenance of written policies, testing, governance
As we saw in 2017, the number of data breaches and cyber-attacks is not slowing down. What’s more, security leaders are still focused on finding and investing in defensive tools to combat cybercrime. And yet still, adversaries are getting more innovative and outpacing what tools are able to defend. We no longer live in a
Over the past few months, the widespread popularity and adoption of bug bounties and vulnerability disclosure have grabbed headlines. This rapid adoption, paired with recent incidents, has hastened the need to make sure things are defined clearly—specifically, the difference between bug bounty and extortion, a good hack versus a bad one. This has drawn the
The bug bounty market is growing quickly. While an increasing number of organizations are embracing the concept, there still remains some confusion and ambiguity around paying hackers for vulnerabilities. Events like the recently disclosed Uber breach illustrate this confusion. I’ll take this opportunity to clarify and define this rapidly evolving market.
Last week, we released our second annual Inside the Mind of a Hacker 2.0 report. We dove into different hacker profiles, their motivations for hacking, and the impact building a relationship makes on a successful bug bounty program. We found lots of interesting stats on our bug hunting community, both expected and surprising.