By Grant McCracken Jul 22, 2021Points don’t matter; Your skills do Points are everywhere, however, they could be detrimental . . . For years, researchers have relied on points as an easy, single flat metric for gauging one’s success on the platform - those with more points were ranked higher than… Read More
By Grant McCracken May 25, 2021Why You Can Trust The Crowd One of the most common questions we encounter in conversations around crowdsourced security programs is : “why would I invite researchers to hack my assets?”, “why should I trust the crowd?”, or some variant thereof. There are different permutations around… Read More
By Grant McCracken May 4, 2021Why Isn’t My Program Getting Submissions? Pt. Two Welcome back! If you haven’t already read the last blog on this topic, we set up a solid base that we’ll continue to expand upon here. To recap our past conversation (while succinct, I do recommend reading the last blog… Read More
By Grant McCracken Apr 27, 2021Why Isn’t My Program Getting Submissions? As crowdsourced cybersecurity programs grow and operate over the course of time, one of the most common effects of ‘program aging’ is a general reduction in the volume of submissions over time. Roughly analogous to the aging of anything (bodies,… Read More
By Grant McCracken Jan 10, 2021All You Need to Know About Bug Bounty Testing Environments If you’re looking to set up a bug bounty program, we've already covered step zero, setting your scope, and the importance of focus areas, as well as some considerations to make around exclusions on your program. For those of you… Read More
By Grant McCracken Apr 1, 2020The Silver Lining Unprecedented. Surreal. Wild. Dystopian. Unfathomable. Nobody saw this coming - where everyone is hunkering down with a pallet of toilet paper and crossing the street or taking some grand detour - all in an effort to avoid any human contact… Read More
By Grant McCracken Dec 10, 20192020 Vision: Cybersecurity Predictions for the Year and Beyond As we round out the final year of the decade and plunge headfirst into the 2020s, now is a good time to take a step back and reflect on the last year, as well as look forward at the potential… Read More
By Grant McCracken Aug 22, 2019The Problem with Limited Scope Attack surface has grown exponentially for many organizations, and with it, their susceptibility to weaknesses. To combat this reality, security teams utilizing crowdsourced security solutions have expanded their program scopes to include more and more of their ever-evolving assets. Notable… Read More
By Grant McCracken May 15, 2019The Do’s and Don’ts of Writing Your Program Brief As the quote goes, “if you don’t know where you’re going, you’ll end up someplace else”. This cliche, yet valid aphorism runs doubly true when running a crowdsourced security program. If we don’t have a clear idea of what success… Read More
By Grant McCracken Apr 23, 2019Setting Up Your Program Reward Ranges “What reward ranges should I set for my program?”, “How much should I pay for a given finding?”, and “What should my organization’s reward budget be for a successful program?” At Bugcrowd, we hear these questions time and time again… Read More
