Casey Ellis

Executive Chairman, Founder and CTO of Bugcrowd.
Recent Posts
On disclosure, confidentiality, and norms…

A few weeks ago I was tagged by Art Manion of the CERT Coordination Center (CERT/CC) in a tweet asking about Bugcrowd’s approach to disclosure policy defaults. The short version of the thread was concern around a statement in our product documentation which infers that Bugcrowd actively recommends Non-Disclosure as the default policy for our

By Vulnerability Disclosure
How Governments are Running Effective Bug Bounty Programs

If you’re reading this article, statistically speaking your organization might be getting hacked. In the private sector, the Equifax hack and Intel’s processor vulnerabilities took the mainstream media by storm. And over the past year, data breaches of U.S. government networks, once novel, have become pervasive. Take it from the Office of Personnel Management (OPM) or the IRS – no one is safe

By Cybersecurity News, Thought Leadership
Marriott Breach: What Makes it Unique & What to do Next

Today Marriott announced the company’s Starwood reservations database had been breached and the personal information of 500 million guests stolen. The Washington Post reports that Marriott first learned that an unauthorized party had access to its systems on Sept. 8, but because the hackers encrypted the stolen data the company was unable to determine the

By Cybersecurity News
Open Source: It’s turtles all the way down.

Open source is an amazing model and tool, and it’s not a stretch to say that open source is in many ways responsible for the rapid acceleration of technology over the last 20 years. The Linux Foundation recently surveyed and found that almost every organization today uses open source code. CTO of the Cloud Native

Best Hacker Movies – The Definitive List

As is the case with many things, this post is the product of being bored on a long flight with Internet access. I made a deliberately vague but provocative Twitter poll, which subsequently blew up and spawned an amazing list of hacker movie recommendations – ranging through cybersecurity, cypherpunk, and cybercrime genres: We decided to

By Thought Leadership