Casey Ellis

Executive Chairman, Founder and CTO of Bugcrowd.
Recent Posts
Best Hacker Movies – The Definitive List

As is the case with many things, this post is the product of being bored on a long flight with Internet access. I made a deliberately vague but provocative Twitter poll, which subsequently blew up and spawned an amazing list of hacker movies recommendations – Ranging through cybersecurity, cypherpunk, and cybercrime genres: We decided to

By Thought Leadership
Homeland Security to Establish Vulnerability Disclosure; House Pushes for Formalization of CISO role

Last week, the House voted to approve H.R. 6735, a bill that directs the Homeland Security Secretary to establish a vulnerability disclosure policy for the agency’s websites. This was a swift decision — The House Homeland Security Committee advanced this bill just last week — as well as a timely one. Crowdsourced security has been

By Cybersecurity NewsThought LeadershipVulnerability Disclosure
White House Takes A Stance on National Cybersecurity

Today the White House rolled out its long awaited National Cybersecurity Strategy. It was very exciting – but also a little unsurprising – to see crowdsourced security front and center as one of the few named solutions: The United States Government will also promote regular testing and exercising of the cybersecurity and resilience of products

By Thought Leadership
HBD #6 Bugcrowd!

This blog post originally appeared on Casey’s Medium blog.  6 years ago today I got off a plane armed with a bunch of notes. I’d spent a week meeting with pen-testing customers in Melbourne, and I’d been talking to them about bug bounty programs. These conversations and a set of ideas I’d been noodling on

By Thought Leadership
Defining “Hacker” in 2018

If you do a Google Image Search against the word hacker, you’ll get images of scary-looking balaclava-clad cybercriminals hunched over a quintessentially green computer terminal. They’re up to no good… Stealing your data, crashing critical systems, or causing general Internet badness. In reality, the word “hacker” applies to a much broader group of people, one

By Thought Leadership
NIST: Vulnerability Disclosure as a Requirement for Every Organization

Earlier this month, the National Institute of Standard and Technology’s (NIST) cybersecurity framework released a revision (1.1, Draft 2) of its Framework for Improving Critical Infrastructure Cybersecurity. The new release now includes vulnerability disclosure processes as part of the Framework Core (on page 43). This revision contains an important addition, the result of an industry effort. Last

By Cybersecurity NewsVulnerability Disclosure