skip to Main Content

Posts by Bugcrowd

Case Study: Aruba’s Private Bug Bounty Program

After over two years of running an outstanding bug bounty program with Bugcrowd, we’d like to give some recognition to one of our longest standing and committed customers–Aruba Networks.
Since 2014, Aruba has successfully leveraged Bugcrowd’s most skilled and trusted researchers through a private bug bounty program for their web applications and hardware devices. Download the Aruba Case Study to learn more about their success.

 

Read More

Bug Bounties: Risk and Reward

Today our CEO, Casey Ellis, and founder and attorney at Cipher Law, James Denaro stepped on stage at AppSecUSA 2016 to talk about the logistics and legalities of bug bounties. They talked through some of the most common concerns people have about bug bounties and discussed both ways to address those concerns, as well as implement liability controls.

Read More

XSS Bugs that Prove the Danger in ‘XSS-Fatigue’

XSS-Fatigue: Realities and Pitfalls

Cross-Site Scripting was ‘discovered’ in 1999, and since then, has appeared in just about every ‘top-ten most common vulnerabilities’ list. The frequency and longevity of XSS in headlines, POCs and vulnerability databases over the past 10+ years have thrown us into ‘XSS-fatigue.’ In our own annual report this year, we reported that of all vulnerabilities submitted through Bugcrowd programs, over 25% were classified as XSS. In this post, we’ll explore the idea of XSS-fatigue, why XSS bugs are still so prevalent, and some examples in which XSS were incredibly high impact, proving that XSS-fatigue is founded not in quality, but perception.

Read More

New Program Launch: AgileBits Bug Bounty for 1Password

1password_launch.pngSince 2006, 1Password has been a trusted industry leader in managing and storing passwords and has always prioritized product security.

To reinforce their commitment to product security, AgileBits, the company behind 1Password, is launching their public bug bounty program!

 

Read More

[Guide] Getting Started with OWASP’s Bug Bounties

“Be the thriving global community that drives visibility and evolution in the safety and security of the world’s software.” In keeping with their mission statement, OWASP has adopted the bug bounty model, tapping into the broader community of global security researchers to secure their defender libraries and open source projects. Since June of this year, they have launched bug bounty programs for four OWASP open source projects:

Read More

OSS Security Maturity: Time to Put On Your Big Boy Pants!

oss-security-maturity.pngEarlier today we joined Jake Kouns, CISO of Risk Based Security, and Christine Gadsby, Director of Product Security at BlackBerry for a guest webcast. They gave their Black Hat 2016 talk ‘OSS Security Maturity: Time to Put on Your Big Boy Pants’ which analyzes the real risks of using OSS and the best way to manage its use within your organization.

This post is a high-level review of that presentation–you can watch the recording here and download their slides here.

Read More

OWASP’s Open Source Bug Bounty Launch

A few weeks ago we launched a very exciting program, and now that it’s well underway, wanted to give a huge shout out to the awesome organization making it happen. The Open Web Application Security Project (OWASP) is not only the authority on most things application security but a phenomenal open source organization that is constantly trying new things, evolving and innovating the application security landscape.

Read More

Jet.com Increases Rewards to Match the Market Rate of Security Bugs

At the beginning of this year we released our ‘Defensive Vulnerability Pricing Model’ that answers the question “what’s a bug worth?”. This guide outlines how much organizations should budget for crowdsourced security programs, and what reward ranges attract the right talent. In short, this guide, informed by tens of thousands of vulnerability submissions and years of running public and private crowdsourced security programs, set the first market rates for security vulns by criticality, and now organizations are beginning to adopt this guidance.

Read More
Learn More About The Most Critical Vulnerabilities of 2019Download Report
+
Back To Top