It’s almost Halloween — the one night of the year when witches, ghosts, and vampires roam the streets. And if you thought those were scary, think again. In our connected world, cyber threats and attacks are lurking all around us,…
There is no doubt that the bug bounty industry is growing quickly yet in spite of this (or perhaps because of it) it’s still novel to many. One area especially near and dear to my heart is on the triage…
Running a bug bounty program on your own is difficult. Imagine receiving hundreds of vulnerability submissions weekly, many of them unimportant, and many of them duplicates of known vulnerabilities. Once you weed through those submissions, you'll have to respond if needed, prioritize…
2017 was a year for the books. The Equifax breach, the third Yahoo! breach, the Uber breach -- today nearly every American has been impacted by the loss of personally identifiable information (PII) data. And the threat continues to rise. Companies, healthcare systems, governmental…
Crowdsourced security testing and vulnerability disclosure programs require the right combination of policy, resources, and support to be successful. Bugcrowd’s leading platform and team bring years of experience facilitating success with whiteglove management of these programs. From the policy design, launch, and submission management our Operations team is a close partner of our talented researcher community and customers.
Last week, we released our third annual State of Bug Bounty Report. We were really excited to see the momentum around enterprise adoption, and this year’s report highlights not only the continued growth of the bug bounty model, but also the economics around bug bounty payouts, trends in vulnerabilities, and the continued growth of the crowd.
The management of vulnerability reports can be painfully time-consuming. Organizations hardly have the time or resources to triage and validate incoming vulnerability findings from outside researchers. We recognized the need to ease this pain in 2012 and since then, have provided our customers with full-scale bug bounty support and services, of which include expert technical review and escalation of valid vulnerability submissions. In addition, our teams provide the facilitation of researcher communications crucial for detailed reports, deeper context, and high engagement.
This week we have some exciting news related to our latest Vulnerability Rating Taxonomy (VRT) release!
This week we released a substantial update to our VRT!
