By Casey Ellis Jun 6, 2018Bigger Bugs Drive Higher Payouts to the Crowd Today, we’re very happy to announce the launch of Bugcrowd’s 2018 State of Bug Bounty Report! Now in its fourth year, the Bugcrowd State of Bug Bounty Report provides an unparalleled, inside look into the trends across the emerging crowdsourced… Read More
By Casey Ellis Feb 16, 2018Defining Intent in the Crowdsourced Security Model Over the past few months, the widespread popularity and adoption of bug bounties and vulnerability disclosure have grabbed headlines. This rapid adoption paired with recent incidents has hastened the need to make sure things are defined clearly—specifically, the difference between… Read More
By Casey Ellis Jan 4, 2018Spectre & Meltdown: Quick Fact Sheet Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For… Read More
By Casey Ellis Aug 28, 2017How to Hire a New CEO – A Note from Bugcrowd’s Founder Bugcrowd is excited and very pleased to announce the appointment of Ashish Gupta as our new Chief Executive Officer. With this addition, I’ll be transitioning to Chairman of the Board and Chief Technology Officer. Read More
By Casey Ellis Aug 8, 2017Secret Program to Offer Rewards up to $250K At Bugcrowd, we’ve long said that managed bug bounty programs allow organizations of any size or stage of security maturity to realize the benefits of a bug bounty program. This is why we’ve provided managed programs from day one and… Read More
By Casey Ellis Aug 7, 20173,2,1… BSidesLV, Black Hat and DEF CON 2017 Wrap Up BSidesLV, Black Hat and DEF CON week is “that time of year” in the security industry; when hackers, suits, feds and anyone else interested in our craft descend on Las Vegas. The goal? To teach, demonstrate, learn, connect, and enjoy the company of fellow members of the village. Read More
By Casey Ellis Jun 30, 2017Thoughts on our Third Annual State of Bug Bounty Report Since I started Bugcrowd, the one constant has been continual amazement at the pace of growth of the crowdsourced security movement we initiated back in 2012. Read More
By Casey Ellis Jun 16, 2017Another Milestone in the Evolution of Bugcrowd As a founder there is nothing better than watching the company I started grow and evolve. In the four and a half years I’ve watched Bugcrowd grow by leaps and bounds – the team has grown threefold in the past year alone. While our guiding principles, core values, and vision of the future of cybersecurity remain unchanged, today we have evolved as an organization. To use a much-used term from the early aughts, we are now very much Bugcrowd 2.0, and I’m proud to announce a brand-new website that reflects just that. Read More
By Casey Ellis Apr 19, 2017A Look Inside: Bug Bounties vs. Penetration Testing Can bug bounty programs replace penetration tests?This question has come up a lot in the past several months and today we released a guide that begins to answer it. Read More
By Casey Ellis Jan 15, 2017Ongoing coverage of wide-scale ransom attack in progress: How to protect Internet-facing data stores [Update] Active attacks now include: MongoDB, Elasticsearch and Hadoop.Two weeks ago the Internet was hit with the first in what has become a frightening trend of ransom attacks. This first attack affected fewer than 200 MongoDB installations and for the most part flew under the radar given the meager sum requested by the attacker (0.2 Bitcoins). However, this attack marked a significant shift in ransom attack model and just two weeks later we’re seeing a major escalation of this model and its impact. Read More
