By Ryan Black, Oct 26, 2018
Halloween Hacks and How to Avoid Them #SecOps Edition
It’s almost Halloween — the one night of the year when witches, ghosts, and vampires roam the streets. And if you thought those were scary, think again. In our connected world, cyber threats and attacks are lurking all around us,…
By Ryan Black, Jun 27, 2018
Frequently Asked Questions About Bug Bounty Triage with Ryan Black
There is no doubt that the bug bounty industry is growing quickly, yet in spite of this (or perhaps because of it) it’s still novel to many. One area especially near and dear to my heart is on the triage…
By Ryan Black, Jan 22, 2018
Setting the Bar High for Bug Bounty Triage and Validation
Running a bug bounty program on your own is difficult. Imagine receiving hundreds of vulnerability submissions weekly, many of them unimportant, and many of them duplicates of known vulnerabilities. Once you weed through those submissions, you'll have to respond if needed, prioritize…
By Ryan Black, Dec 18, 2017
3 Reasons Bugcrowd Researchers Keep Coming Back
2017 was a year for the books. The Equifax breach, the third Yahoo! breach, the Uber breach -- today nearly every American has been impacted by the loss of personally identifiable information (PII) data. And the threat continues to rise. Companies, healthcare systems, governmental…
By Ryan Black, Dec 4, 2017
Leveraging Policy and a Purpose-built Platform to Steer the Ship in SecOps
Crowdsourced security testing and vulnerability disclosure programs require the right combination of policy, resources, and support to be successful. Bugcrowd’s leading platform and team bring years of experience facilitating success with white-glove management of these programs. From the policy design, launch, and submission management, our Operations team is a close partner of our talented researcher community and customers.
By Ryan Black, Jul 7, 2017
Bigger Bugs, Bigger Payouts, More Managed Programs
Last week, we released our third annual State of Bug Bounty Report. We were really excited to see the momentum around enterprise adoption, and this year’s report highlights not only the continued growth of the bug bounty model, but also the economics around bug bounty payouts, trends in vulnerabilities, and the continued growth of the crowd.
By Ryan Black, Jun 8, 2017
Why a DIY Bug Bounty is a Bad Idea
The management of vulnerability reports can be painfully time-consuming. Organizations hardly have the time or resources to triage and validate incoming vulnerability findings from outside researchers. We recognized the need to ease this pain in 2012 and since then have provided our customers with full-scale bug bounty support and services, which include expert technical review and escalation of valid vulnerability submissions. In addition, our teams provide the facilitation of researcher communications crucial for detailed reports, deeper context, and high engagement.
By Ryan Black, May 8, 2017
Bugcrowd’s Vulnerability Rating Taxonomy Goes Open Source
This week we have some exciting news related to our latest Vulnerability Rating Taxonomy (VRT) release!
By Ryan Black, Mar 7, 2017
Major Updates to Vulnerability Rating Taxonomy
This week we released a substantial update to our VRT!