By Jason Haddix, May 2, 2019
Disclose.io – The Movement Marches Forward
Bugcrowd released disclose.io, the open-sourced safe harbor project, in August 2018. Since then, we’re pleased to report that companies have been leaning into the need for a safer and easier-to-navigate legal environment for whitehat hackers. To help this along, we’ve…

By Jason Haddix, Dec 3, 2018
Protecting Hackers (by default) with Disclose.io
Developing policy to protect hackers that participate in Vulnerability Disclosure Programs and Bug Bounties is paramount to Bugcrowd. Anti-hacking laws around the world such as the Computer Fraud and Abuse Act (CFAA) are built on the idea that a hacker…

By Jason Haddix, Mar 10, 2017
Big Bugs Podcast 7 | The World of CTFs w/ Special Guest
This month we’re taking our ‘Big Bugs’ podcast out of hibernation for a special podcast on one of our favorite topics–Capture the Flag Competitions!

By Jason Haddix, Mar 1, 2017
OWASP Board Member Josh Sokol Provides Perspective on AppSec Evolution
Last month we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future. In the past several weeks we’ve been publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts. Our last Q&A is with Josh Sokol who is an OWASP Board of Directors member and brings an interesting perspective to our application security challenges conversation. OWASP has run several bounties and responsible disclosure programs with Bugcrowd. Read more about their programs here.

By Jason Haddix, Feb 24, 2017
Security Advisory: Cloudbleed
Yesterday a vulnerability in Cloudflare CDN and DDoS prevention service was disclosed by Google’s Project Zero. The blog post stated that an HTML parser for specific Cloudflare features was vulnerable to leaking sensitive information of other Cloudflare customers.

By Jason Haddix, Feb 24, 2017
How Barracuda’s Dave Farrow is Closing the AppSec Gap
Last month we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future. In the past several weeks we’ve been publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts. This week’s interview is with Dave Farrow, Barracuda’s Senior Director, Information Security, who has been instrumental in working with the security researcher community through their bug bounty program. We also sat down with Dave last week at RSAC to hear about his conference session and his plans for appsec. Watch the video here.

By Jason Haddix, Feb 16, 2017
Product Security Challenges and Opportunities: Insights from Adobe’s VP and CSO, Brad Arkin
Last week we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future. Over the next couple of weeks, we’ll be publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts.

By Jason Haddix, Feb 9, 2017
Insights From AppSec Veteran, Richard Rushing
Last week we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future. Over the next couple of months, we’ll be publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts.

By Jason Haddix, Feb 3, 2017
CISO Q&A: Kim Green
This week we launched our 2017 CISO Investment Blueprint which analyzes survey responses from 100 security decision makers regarding the current state of application security. In addition to the survey results, we’ve chatted with several innovators in the security industry to get their thoughts on appsec today and the future. Over the next couple of months, we’ll be publishing these interviews, filled with insights around the challenges and opportunities present for security decision-makers in 2017. We welcome your feedback and observations as well! Tweet us or shoot us an email to share your thoughts.

By Jason Haddix, Jan 31, 2017
New Industry Report: 2017 CISO Investment Blueprint
What are CISOs concerned about in application security for 2017? What are their spending and resource allocation priorities? What does the modern-day appsec landscape look like? At the end of 2016 we surveyed some security industry leaders to get their thoughts on the current state of application security and what is to come for appsec organizations over the next twelve months. We discovered that application security organizations are at a steep disadvantage and their current positions may not be enough to keep up with modern attackers: