Casey Ellis

Executive Chairman, Founder and CTO of Bugcrowd.
Recent Posts
Marriott Breach: What Makes it Unique & What to do Next

Today Marriott announced the company’s Starwood reservations database had been breached and the personal information of 500 million guests stolen. The Washington Post reports that Marriott first learned that an unauthorized party had access to its systems on Sept. 8, but because the hackers encrypted the stolen data the company was unable to determine the

By Cybersecurity News
Open Source: It’s turtles all the way down.

Open source is an amazing model and tool, and it’s not a stretch to say that open source is in many ways responsible for the rapid acceleration of technology over the last 20 years. The Linux Foundation recently surveyed and found that almost every organization today uses open source code. CTO of the Cloud Native

Best Hacker Movies – The Definitive List

As is the case with many things, this post is the product of being bored on a long flight with Internet access. I made a deliberately vague but provocative Twitter poll, which subsequently blew up and spawned an amazing list of hacker movies recommendations – Ranging through cybersecurity, cypherpunk, and cybercrime genres: We decided to

By Thought Leadership
Homeland Security to Establish Vulnerability Disclosure; House Pushes for Formalization of CISO role

Last week, the House voted to approve H.R. 6735, a bill that directs the Homeland Security Secretary to establish a vulnerability disclosure policy for the agency’s websites. This was a swift decision — The House Homeland Security Committee advanced this bill just last week — as well as a timely one. Crowdsourced security has been

By Cybersecurity NewsThought LeadershipVulnerability Disclosure
White House Takes A Stance on National Cybersecurity

Today the White House rolled out its long awaited National Cybersecurity Strategy. It was very exciting – but also a little unsurprising – to see crowdsourced security front and center as one of the few named solutions: The United States Government will also promote regular testing and exercising of the cybersecurity and resilience of products

By Thought Leadership
HBD #6 Bugcrowd!

This blog post originally appeared on Casey’s Medium blog.  6 years ago today I got off a plane armed with a bunch of notes. I’d spent a week meeting with pen-testing customers in Melbourne, and I’d been talking to them about bug bounty programs. These conversations and a set of ideas I’d been noodling on

By Thought Leadership
Defining “Hacker” in 2018

If you do a Google Image Search against the word hacker, you’ll get images of scary-looking balaclava-clad cybercriminals hunched over a quintessentially green computer terminal. They’re up to no good… Stealing your data, crashing critical systems, or causing general Internet badness. In reality, the word “hacker” applies to a much broader group of people, one

By Thought Leadership
Learn the ins and outs of Crowdsourced Security, Managed Bug Bounty and Vulnerability Disclosure ProgramsDownload the Guide