Bugcrowd released disclose.io, the open-sourced safe harbor project, in August 2018. Since then, we’re pleased to report that companies have been leaning into the need for a safer and easier-to-navigate legal environment for whitehat hackers. To help this along, we’ve…
Developing policy to protect hackers that participate in Vulnerability Disclosure Programs and Bug Bounties is paramount to Bugcrowd. Anti-hacking laws around the world such as the Computer Fraud and Abuse Act (CFAA) are built on the idea that a hacker…
This month we’re taking our ‘Big Bugs’ podcast out of hibernation for a special podcast on one of our favorite topics–Capture the Flag Competitions!
Last month we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future.
In the past several weeks we’ve been publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts.
Our last Q&A is with Josh Sokol who is an OWASP Board of Directors member and brings an interesting perspective to our application security challenges conversation. OWASP has run several bounties and responsible disclosure programs with Bugcrowd. Read more about their programs here.
Yesterday a vulnerability in Cloudflare CDN and DDoS prevention service was disclosed by Google’s Project Zero. The blog post stated that an HTML parser for specific Cloudflare features was vulnerable to leaking sensitive information of other Cloudflare customers.
Last month we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future.
In the past several weeks we’ve been publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts.
This week’s interview is with Dave Farrow, Barracuda’s Senior Director, Information Security, who has been instrumental in working with the security researcher community through their bug bounty program.
We also sat down with Dave last week at RSAC to hear about his conference session and his plans for appsec. Watch the video here.
Last week we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future.
Over the next couple of weeks, we’ll be publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts.
Last week we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future.
Over the next couple of months, we’ll be publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts.
This week we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future.
Over the next couple of months, we’ll be publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts.
What are CISOs concerned about in application security for 2017?
What are their spending and resource allocation priorities?
What does the modern-day appsec landscape look like?
At the end of 2016 we surveyed some security industry leaders to get their thoughts on the current state of application security and what is to come for appsec organizations over the next twelve months. We discovered that application security organizations are at a steep disadvantage and their current positions may not be enough to keep up with modern attackers:
