
Posts by Bugcrowd

Bug Bounties and NGWAF: 1+1=3

Return on Investment – ROI. Sales departments have to show it, marketing departments have to show it, and of course, security departments do too. At the end of the day we all need to show where the dollars are going, and security teams have the additional burden of correlating those dollars spent with the elimination of risk – or the perceived elimination of risk.


[Guest Blog] InfoSec’s New Mandate: Silo Smashing and Feedback Loop Amplification

The original post by James Wickett appeared on Signal Sciences Lab on 03/24/16.

I have reached the age where friends are getting roles like CISO or Director of Security or Senior Architect. All important titles with crucial tasks ahead of them. Usually when friends take these roles they immediately realize that they have found themselves in unfamiliar waters. The skills that got them to that role are not the skills they need to succeed.


Bugcrowd’s RSAC 2016 by the Numbers

72,000 Steps

Now that we’ve had a moment to settle from the chaos that was the 25th Annual RSA Conference on our home turf, we’d like to take a moment to jot down some thoughts and give you a look at our highlights – by the numbers. We’ll start with the average 72,000 steps “we” took from Monday to Friday, strutting our Bugcrowd gear around Moscone, meeting with incredible people, and generally getting amongst the action.

Vulnerability Prioritization at Bugcrowd

The only way for a security team to effectively manage risk is vulnerability prioritization and management. There are many different prioritization models used across the industry that are based on vulnerability risk and impact. Without a clear prioritization model, how do you know what to fix first? Highest CVSS Score? FIFO? LIFO? Externally known issues? Whatever your prioritization plan is, it needs to be documented and updated as threats to your business change.


Advice From A Researcher: Hunting XXE For Fun and Profit

About the Author: Ben Sadeghipour has been participating in bug bounty programs since February 2014. After his first few bugs, he came to realize that bug bounties are a great way to learn more about web application security, as well as to make some extra money while going to school as a computer science major. Currently Ben is an intern at Bugcrowd and continues to do bug bounty research. You can see more of his work on nahamsec.com.


April 2015 Hall of Fame

Like Employee of the Month but better, I’m excited to tell you about the three Crowd members that earned top spots in the April 2015 Hall of Fame. We have a ton of amazing researchers contributing solid bugs every day, but these three ninjas earned the most Kudos points in Bugcrowd bounty programs from April 1 to April 30, 2015. To thank them for their hard work, Bugcrowd is pleased to announce they’ll receive performance bonuses.


When to Reward a Bug Bounty Submission

We’re regularly asked how Bugcrowd determines whether a bug bounty submission is rewardable. Today, as we approach 10,000 submissions, and as part of Bugcrowd’s commitment to transparency, we’re shedding some light on our submission evaluation process. It’s important to note…
