By Casey Ellis Oct 7, 2020NIST SP 800-53 R5 adds Vulnerability Disclosure Programs to Federal Security and Privacy Controls Earlier this week, the National Institute of Science and Technology (NIST) released Revision 5 of NIST Special Publication (800–53) Guidelines Security and Privacy Controls for Information Systems and Organizations. This revision makes a tremendous step toward bringing the role of… Read More
By Casey Ellis Aug 6, 2020DEF CON Black Hat 2020: Top 10 Tips While it feels illegal to hang out with your friends right now, the pandemic is no match for the dedicated folks who unite for Black Hat and DEF CON every year. In 2020, both conferences are running virtually, highlighting the… Read More
By Casey Ellis Mar 5, 2020Election Security 2020: Don’t Let Disinformation Undermine Your Right to Vote A population that is fearful of interference in ways they might not necessarily understand is more vulnerable to manipulation through disinformation strategies. This is particularly true of election security as we enter the last few months of the 2020 Presidential… Read More
By Casey Ellis Dec 12, 2019The Future is Now: 2020 Cybersecurity Predictions How is it 2020 already? We're in the last month of the decade, and the year that has long held a “futurist bookmark” in people’s minds is now upon us. We may not have hoverboards and flying cars yet, but… Read More
By Casey Ellis Nov 19, 20197 years and counting… In 2012, Bugcrowd set out to create a radical cybersecurity advantage and level the playing field between attackers and defenders. As one of the first steps on that journey, seven years ago today, we launched our first "Proof of Concept"… Read More
By Casey Ellis Mar 11, 2019On disclosure, confidentiality, and norms… A few weeks ago I was tagged by Art Manion of the CERT Coordination Center (CERT/CC) in a tweet asking about Bugcrowd’s approach to disclosure policy defaults. The short version of the thread was concern about a statement in our… Read More
By Casey Ellis Feb 8, 2019How Governments are Running Effective Bug Bounty Programs If you’re reading this article, statistically speaking your organization might be getting hacked. In the private sector, the Equifax hack and Intel’s processor vulnerabilities took the mainstream media by storm. And over the past year, data breaches of U.S. government networks, once novel, have… Read More
By Casey Ellis Jan 29, 2019The iOS FaceTime vulnerability: What it means and what you can do to protect yourself Yesterday news broke that a bug in FaceTime that allows callers to listen to the audio of the person they are calling before that person picks up. Today we learned that it was a high school student in Tucson, Arizona… Read More
By Casey Ellis Jan 18, 2019The List: Making it Even Easier and Safer to Bug Hunt Since 2013, Bugcrowd has maintained “The List” -- a directory of public bug bounty and vulnerability disclosure programs. What started out as a crowdsourced blog post, has evolved to become the defacto resource for people looking for bug bounty and… Read More
By Casey Ellis Nov 30, 2018Marriott Breach: What Makes it Unique & What to do Next Today Marriott announced the company’s Starwood reservations database had been breached and the personal information of 500 million guests stolen. The Washington Post reports that Marriott first learned that an unauthorized party had access to its systems on Sept. 8,… Read More
