By Lauren Craigie, Jan 20, 2021
Top Challenges of Traditional Pen Tests
Penetration testing (or pen testing) has become common practice for vulnerability assessment over the past decade. There are several reasons why people do pen tests. Identifying risky vulnerabilities for developers to address is great practice for risk reduction. That being…

By Lauren Craigie, Oct 7, 2020
Reducing Noise in Crowdsourced Security
More people → more coverage → more vulnerabilities. While the crowdsourced model provides a plethora of benefits, it’s tough to deny one of the core reasons many choose it. A larger pool of pay-per-finding security researchers are more likely to…

By Lauren Craigie, Sep 23, 2020
Can the Crowd Handle Network Pen Testing?
Advances in firewalls and cloud security providers have greatly reduced risk to network infrastructure. But these advances have only served to deter low-level threats, while failing to combat complex risk from highly skilled malicious attackers. Modern penetration testing can help,…

By Lauren Craigie, Sep 15, 2020
5 Things to Ask Your Web App Pen Test Provider
If you’re more than 3 minutes into your search for a Web Application Pen Test, you’ve probably already realized there are thousands of available options. In Google-ing I was immediately served, “Pen Testing-- $999-- Call Now!” V Compelling. Much Marketing.…

By Lauren Craigie, Aug 20, 2020
4 Things To Consider Before Your Next M&A
The due diligence portion of an M&A is lengthy and complex, yet security teams are often given just a few weeks to perform a full risk analysis before final terms are agreed. That’s very little time to source, activate, and…

By Lauren Craigie, Aug 19, 2020
Introducing Bugcrowd M&A Assessment
The final mile for many Merger and Acquisition events is the security assessment. Once the acquiring party believes the business case is sound, the security team swings in for a final nod of approval. With little time to spare, security…

By Lauren Craigie, Aug 13, 2020
Ultimate Guide to Vulnerability Disclosure: Report Recap
Vulnerability Disclosure Programs (VDPs) help organizations reduce risk across publicly-accessible assets by relying on the voluntary contributions of end-users, customers, and good-faith security researchers. But many organizations still have questions about how (and why) they should incorporate these programs into…

By Lauren Craigie, Jul 10, 2020
Vulnerability Disclosure Programs: 7 Reasons Why CEOs Need Them Too
Have you ever had a vendor claim to reduce attacks against your business? Unless they’re running some sort of protection racket, “reducing attacks” isn’t really possible. What they might mean is that they’ll help you avoid negative consequences from the…

By Lauren Craigie, Jun 30, 2020
Bug Bounty & Pen Test: How to Choose, and When to Combine
Bugcrowd launched Next Gen Pen Test, the first product in our Pen Test portfolio, in November of 2018. Since then, “The Difference Between Bug Bounty and Next Gen Pen Test” has remained one of our most popular blogs. Maybe not…

By Lauren Craigie, Jun 10, 2020
Bugcrowd Releases Vulnerability Rating Taxonomy 1.9 with More Classifications for Credential Exposure
The Vulnerability Rating Taxonomy (VRT) is a living project that is continually updated thanks to contributions from the broader security community to our open-sourced GitHub repository. Today, Bugcrowd is thrilled to announce the culmination of these most recent efforts, VRT…