skip to Main Content
Bugcrowd has always held education and sharing as a core value, which is why I’m very pleased to announce the release of our second annual State of Bug Bounty Report.
This 22-page document gives the reader an up-close and personal look at the evolving dynamics of the bug bounty market, and deeper insight into the early stages of the “unlikely romance” blossoming between hackers and organizations. Read the full report
During FS-ISAC last week, we had our ears to the ground, chatting with security folks about their concerns, challenges and hopes for application security testing and have set out to distill some of our observations and data to discuss the state of application security…
Today is a great day for hackers, defenders, Bugcrowd as a company, and for Aussie founders with a dream to execute on the world stage. We’re very proud to have Blackbird Ventures, the same firm that pioneered the Startmate incubator where Bugcrowd began, taking the lead on our $15M Series B alongside existing investors Rally, Costanoa and Paladin. We’re just as pleased to welcome Salesforce Ventures and Industry Ventures to the family.
At the beginning of the year, we made a decision to put some stakes in the ground.
We decided it was time to talk, write, argue, and share about sides of the bug bounty space that we interact with every day, but would otherwise rarely see the light of day… The kinds of things that some would consider as Bugcrowd’s “secret sauce.”
Why? Read on.
My favorite thing about going to conferences is establishing the underlying trends behind the questions I’m asked. We’re only half-way through RSAC/BSides week, and already the dominant question is clear:
When is the government going to start a bug bounty program?
Here’s my answer:
The government has no choice but to adopt a crowdsourced model for vulnerability discovery, it’s more a question of when will the pain of staying the same exceed the pain of change.
About 12 months after Bugcrowd started, one of our team pulled me aside and made a suggestion that truly altered the course of the company:
Bugcrowd’s view has always been that the economic and resourcing model of the bug bounty programs pioneered by Netscape, Google and Facebook is more that just the “latest and greatest tech-company fad.” It’s a necessary and inevitable evolution in security assessment, and it’s benefits will impact the entire IT ecosystem.
2012 was the year that almost every industry, banking, education, government, big tech and even security, was hacked. Many, if not all of these companies were doing “all” they could to protect themselves against these hacks, and yet they were still left vulnerable. In direct response to this, 2012 was also the year we built Bugcrowd to beat an army of adversaries with an army of allies.
Let me say clearly and upfront: As the founder of a company that manages a community of security researchers, I empathize with Mary Ann Davies’ frustrations… but I also strongly disagree with her approach.
In short, Yes. A list of POCs are provided below. If we're missing anything let us know via Twitter @bugcrowd, and we'll add it to the list and credit you for helping out. Last update: 30 April 2014 6:07 PDT Unless…
