Earlier this year, we took a closer look at why every company should have a vulnerability disclosure program. As veterans with combined 40+ years in the cybersecurity space, Bugcrowd founder and CTO Casey Ellis and CSO David Baker each gave…
In the past year, the U.S. Federal Trade Commission (FTC) and Department of Justice (DOJ) have released guidance outlining the need for vulnerability disclosure programs (VDP). With support from major legislative bodies like the National Institute of Standards and Technology,…
Building in security testing as part of continuous integration is emerging as an essential requirement in today’s DevOps world. Making this decision from the start enables those responsible for development and operations to make informed decisions about feature architecture, design,…
Today we are excited to announce Vulnerability Remediation Advice, our newest feature on Crowdcontrol™! With Vulnerability Remediation Advice, Development and Security can accelerate the remediation process, introducing secure coding methodologies that help educate development, improve code velocity and reduce risk.…
I always like attending the annual Gartner Security and Risk Management in Washington DC because a) I get to do a run around the National Mall and White House, and b) I get to hear what the Gartner analysts are…
Today we are excited to announce the latest disclosure channel available through Bugcrowd’s Vulnerability Disclosure Program (VDP) - Email Intake. It’s simple - any third party who wants to report a vulnerability can simply send an email to your organization…
Another RSA show bites the dust, and we had a great week! Even after attending our blow-out party at the SF Mint (where I admittedly had a little too much fun), and a two-day Speakeasy where I talked to customers…
We are excited to announce that organizations can now increase the visibility into their program with known issue sharing. Sharing known issues will disclose categories of vulnerabilities, based on Bugcrowd’s Vulnerability Rating Taxonomy (VRT), that have been discovered on a…
Bugcrowd has done it again! Today we announced an innovative enhancement to Crowdcontrol–introducing Traffic Control, a proprietary feature built to deliver a solution for secure crowdsourced security testing. Crowdsourced security testing has proven to be a cost-effective solution for uncovering security risks for…
We are excited to introduce new submission search and filtering capabilities to Crowdcontrol, built to optimize the time you spend finding submissions.
Over the last three years, we have seen a steady rise in vulnerability submissions, with a 67% increase in submissions year over year and a 73% increase of valid submissions. What is driving this steady rise? Our recent “2017 State of the Bug Bounty Report” discusses bounty adoption growth, citing a 77% increase in new programs over the last year. Of all the programs we run, 44% are organizations larger than 500 employees. Often times, organizations of this size have much larger attack surfaces, which can result in a high rate of submissions. In order to ensure our users are able to keep up with this increase in activity, they need novel ways to query their submissions.
Since the 1990’s, the internet has been filling our digital world with an insurmountable amount of content right at the edge of our fingertips. However, because of the amount, much of this content isn’t always applicable to you. So where do you go to easily find relatable information that yields the most value? Google, of course! In 1998, the company invented a simple solution to filter through a mass amount of data to find exactly what you are looking for, and fast!
Just as Google helps you find the most relevant content for you based on a simple search, Crowdcontrol now allows you to find the exact submission you are looking for. We recognize each user on Bugcrowd is unique–whether you are a researcher or customer; the importance of one query to an organization may not be important to another. With that in mind, Crowdcontrol’s new submission filtering offers a tokenized search capability, allowing you to easily search and find specific submissions.
