Security is a team sport. The information held by fellow security practitioners and researchers has the power to affect how and when we respond to adversarial threats. The sooner this information can be shared, the sooner it can be actioned…
Bugcrowd helps organizations get ahead of cyber threats by enabling security teams to find and quickly remediate critical vulnerabilities. But we also know that the value of vulnerability data extends beyond the individual patch. In aggregate, this information can often…
For more than seven years, organizations around the world have trusted Bugcrowd to help identify more than 300,000 vulnerabilities in their known IT ecosystems. But with the average organization tracking less than 40% of their total internet-facing footprint, and more…
Bugcrowd is constantly looking for ways to improve the crowdsourced experience for program owners and researchers alike. Today’s feature release accomplishes both. While Bugcrowd offers full program management for all of our products and services, we also appreciate the value…
The Vulnerability Rating Taxonomy (VRT) is a living project that is continually updated thanks to contributions from the broader security community to our open-sourced GitHub repository. Today, Bugcrowd is thrilled to announce the culmination of these most recent efforts, VRT…
The recent explosion of cloud and SaaS offerings from a cross-industry wave of digital transformation has made it harder than ever for organizations to accurately assess their entire attack surface. While asset discovery and management tools chip away at the…
“First priority vulnerability in under 24 hours.” “10x more high priority vulnerabilities than traditional testing.” “Annual impact of two full time resources in under a week.” The benefits of crowdsourced vulnerability discovery programs are compelling. But I’m sure if you’re…
Last week Bugcrowd attended Gartner's annual Security and Risk Management Summit in Washington, D.C. While I know what a city built on a swamp does to your hair, I'm still happy to return every June to catch up with analysts,…
Last week we attended the Financial Services Information Sharing and Analysis Center (FS-ISAC) cybersecurity summit in Orlando, Florida. The event was a first for a few on our team but certainly not for many of the attendees we spoke to,…
Is my stuff secure? At their core, penetration tests answer two critical questions: Is my stuff secure? How do you know? Q1 is pretty straightforward. If the answer is ‘no,’ then Q2 consists of a list of vulnerabilities discovered. But…
