Posts by Bugcrowd

[Guide] Getting Started with OWASP’s Bug Bounties

“Be the thriving global community that drives visibility and evolution in the safety and security of the world’s software.” In keeping with their mission statement, OWASP has adopted the bug bounty model, tapping into the broader community of global security researchers to secure their defender libraries and open source projects. Since June of this year, they have launched bug bounty programs for four OWASP open source projects:

Read More

OSS Security Maturity: Time to Put On Your Big Boy Pants!

Earlier today we joined Jake Kouns, CISO of Risk Based Security, and Christine Gadsby, Director of Product Security at BlackBerry for a guest webcast. They gave their Black Hat 2016 talk ‘OSS Security Maturity: Time to Put on Your Big Boy Pants’ which analyzes the real risks of using OSS and the best way to manage its use within your organization.

This post is a high-level review of that presentation – you can watch the recording here and download their slides here.

Read More

OWASP’s Open Source Bug Bounty Launch

A few weeks ago we launched a very exciting program, and now that it’s well underway, wanted to give a huge shout out to the awesome organization making it happen. The Open Web Application Security Project (OWASP) is not only the authority on most things application security but a phenomenal open source organization that is constantly trying new things, evolving and innovating the application security landscape.

Read More

Jet.com Increases Rewards to Match the Market Rate of Security Bugs

At the beginning of this year we released our ‘Defensive Vulnerability Pricing Model’ that answers the question “what’s a bug worth?”. This guide outlines how much organizations should budget for crowdsourced security programs, and what reward ranges attract the right talent. In short, this guide, informed by tens of thousands of vulnerability submissions and years of running public and private crowdsourced security programs, set the first market rates for security vulns by criticality, and now organizations are beginning to adopt this guidance.

Read More

[Guest Blog] Skyscanner’s Adventures in Bug Bounties

Originally posted by Stuart Hirst on Skyscanner’s Code Voyager Blog

Skyscanner has a culture of innovation and continuous improvement. For our IT security function, the ‘Security Squad’, it is no different. External security testing had previously taken the form of standard penetration testing, which brought considerable value and helped improve security posture. However, our Squad wanted to look at new ways of testing the products that we help secure on a daily basis. In early 2015, we began to investigate the possibility of a crowd-sourced testing mechanism.

Read More

Bug Bounties and NGWAF: 1+1=3

Return on Investment – ROI. Sales departments have to show it, marketing departments have to show it, and of course, security departments do too. At the end of the day we all need to show where the dollars are going, and security teams have the additional burden of correlating those dollars spent with the elimination of risk – or the perceived elimination of risk.

Read More

[Guest Blog] InfoSec’s New Mandate: Silo Smashing and Feedback Loop Amplification

The original post by James Wickett appeared on Signal Sciences Lab on 03/24/16.

I have reached the age where friends are getting roles like CISO or Director of Security or Senior Architect. All important titles with crucial tasks ahead of them. Usually when friends take these roles they immediately realize that they have found themselves in unfamiliar waters. The skills that got them to that role are not the skills they need to succeed.

Read More

Bugcrowd’s RSAC 2016 by the Numbers

72,000 Steps

Now that we’ve had a moment to settle from the chaos that was the 25th Annual RSA Conference on our home turf, we’d like to take a moment to jot down some thoughts and give you a look at our highlights – by the numbers. We’ll start with the average 72,000 steps “we” took from Monday to Friday, strutting our Bugcrowd gear around Moscone, meeting with incredible people, and generally getting amongst the action.

Read More