By Casey Ellis Jan 18, 2019The List: Making it Even Easier and Safer to Bug Hunt Since 2013, Bugcrowd has maintained “The List” -- a directory of public bug bounty and vulnerability disclosure programs. What started out as a crowdsourced blog post, has evolved to become the defacto resource for people looking for bug bounty and… Read More
By Casey Ellis Nov 30, 2018Marriott Breach: What Makes it Unique & What to do Next Today Marriott announced the company’s Starwood reservations database had been breached and the personal information of 500 million guests stolen. The Washington Post reports that Marriott first learned that an unauthorized party had access to its systems on Sept. 8,… Read More
By Casey Ellis Nov 27, 2018Open Source: It’s turtles all the way down. Open source is an amazing model and tool, and it’s not a stretch to say that open source is in many ways responsible for the rapid acceleration of technology over the last 20 years. The Linux Foundation recently surveyed and… Read More
By Casey Ellis Nov 5, 2018Georgia’s Election Cybersecurity Readiness – Are We Freaking Out Yet? This weekend’s news that Georgia’s voter registration system has been likened to “an open bank safe door” paints a bleak picture of the state of election security as we enter the midterm’s final day. According to Who.What.Why.: "A series of… Read More
By Casey Ellis Oct 15, 2018Best Hacker Movies – The Definitive List As is the case with many things, this post is the product of being bored on a long flight with Internet access. I made a deliberately vague but provocative Twitter poll, which subsequently blew up and spawned an amazing list… Read More
By Casey Ellis Oct 3, 2018A Practical Approach to Election Hacking: Assume Breach The midterms are just a month away. No matter your political leanings, there is one topic that should be on the minds of not only every American citizen but everyone around the world: election hacking. Where we stand right now,… Read More
By Casey Ellis Oct 1, 2018Homeland Security to Establish Vulnerability Disclosure; House Pushes for Formalization of CISO role Last week, the House voted to approve H.R. 6735, a bill that directs the Homeland Security Secretary to establish a vulnerability disclosure policy for the agency’s websites. This was a swift decision -- The House Homeland Security Committee advanced this… Read More
By Casey Ellis Sep 21, 2018White House Takes A Stance on National Cybersecurity Today the White House rolled out its long awaited National Cybersecurity Strategy. It was very exciting - but also a little unsurprising - to see crowdsourced security front and center as one of the few named solutions: The United States… Read More
By Casey Ellis Sep 4, 2018HBD #6 Bugcrowd! This blog post originally appeared on Casey's Medium blog. 6 years ago today I got off a plane armed with a bunch of notes. I’d spent a week meeting with pen-testing customers in Melbourne, and I’d been talking to them… Read More
By Casey Ellis Jun 25, 2018Defining “Hacker” in 2018 If you do a Google Image Search against the word hacker, you’ll get images of scary-looking balaclava-clad cybercriminals hunched over a quintessentially green computer terminal. They’re up to no good… Stealing your data, crashing critical systems, or causing general Internet… Read More