By Casey Ellis Nov 21, 20164 Years of Bugcrowd’s Bug Bounty: Evolution and Learnings Here at Bugcrowd we take our own advice. Four years ago yesterday we launched Bugcrowd’s first bounty program to uncover vulnerabilities in our own applications and web assets. Read More
By Casey Ellis Nov 16, 2016Okta Launches Public Bug Bounty Program with Bugcrowd Today we are pleased to announce that after running an extensive private program with Bugcrowd, Okta is launching its first public bug bounty program. Read More
By Casey Ellis Oct 4, 2016Bug Bounty: Part of This Complete Breakfast In the past several months, bug bounties have gained popularity in the press and have been adopted with increasing velocity by enterprise organizations. Along with this popularity, the bug bounty model has also received some criticism, and various actors within the industry have raised some very good questions. In keeping with our commitment to transparency, honesty, and education, we thought it was as good as time as any to discuss two specific areas that have cropped up in the past several months, quality and impact, through examining some misconceptions about bug bounties. Read More
By Casey Ellis Jul 13, 2016Fiat Chrysler – The First Full-Line Automaker to Launch a Paid Public Bug Bounty Program 2015 was the year the public perception of automobile safety changed forever… Chris Valasek and Charlie Miller’s notorious Jeep Cherokee hack transformed the idea of the humble automobile into a 2-tonne computer that can be hacked just like any other. In recent years, automakers are realising that hackers just like Charlie and Chris are already at the table, ready and willing to help, and are leveraging the work coming out of this community to make their products safer from cyber threats.We are excited to announce that Fiat Chrysler Automobiles is joining the ranks of those pioneering this relationship, by becoming one of the first automakers to launch a bug bounty program. Read More
By Casey Ellis Jun 8, 2016Bugcrowd’s 2nd Annual State of Bug Bounty Report – A Note from the CEO Bugcrowd has always held education and sharing as a core value, which is why I’m very pleased to announce the release of our second annual State of Bug Bounty Report.This 22-page document gives the reader an up-close and personal look at the evolving dynamics of the bug bounty market, and deeper insight into the early stages of the “unlikely romance” blossoming between hackers and organizations. Read the full report Read More
By Casey Ellis May 11, 2016Bug Bounty Adoption in the Financial Services Industry During FS-ISAC last week, we had our ears to the ground, chatting with security folks about their concerns, challenges and hopes for application security testing and have set out to distill some of our observations and data to discuss the state of application security… Read More
By Casey Ellis Apr 20, 2016$15M to Connect Hackers and Companies… Why, and What’s Next? Today is a great day for hackers, defenders, Bugcrowd as a company, and for Aussie founders with a dream to execute on the world stage. We’re very proud to have Blackbird Ventures, the same firm that pioneered the Startmate incubator where Bugcrowd began, taking the lead on our $15M Series B alongside existing investors Rally, Costanoa and Paladin. We’re just as pleased to welcome Salesforce Ventures and Industry Ventures to the family. Read More
By Casey Ellis Apr 1, 2016In the Name of Transparency At the beginning of the year, we made a decision to put some stakes in the ground. We decided it was time to talk, write, argue, and share about sides of the bug bounty space that we interact with every day, but would otherwise rarely see the light of day… The kinds of things that some would consider as Bugcrowd’s “secret sauce.”Why? Read on. Read More
By Casey Ellis Mar 2, 2016On the U.S. Government and Bug Bounties My favorite thing about going to conferences is establishing the underlying trends behind the questions I’m asked. We’re only half-way through RSAC/BSides week, and already the dominant question is clear:When is the government going to start a bug bounty program?Here’s my answer:The government has no choice but to adopt a crowdsourced model for vulnerability discovery, it’s more a question of when will the pain of staying the same exceed the pain of change. Read More
By Casey Ellis Dec 31, 2015Building Bugcrowd: Our First Principles About 12 months after Bugcrowd started, one of our team pulled me aside and made a suggestion that truly altered the course of the company: Read More
