72,000 Steps

Now that we’ve had a moment to settle from the chaos that was the 25th Annual RSA Conference on our home turf, we’d like to take a moment to jot down some thoughts and give you a look at our highlights – by the numbers. We’ll start with the average 72,000 steps “we” took from Monday to Friday, strutting our Bugcrowd gear around Moscone, meeting with incredible people, and generally getting amongst the action.
Over the five crazy days of #RSAC we made some real memories getting our Fitbit Workweek Challenge on… (Sidenote: Congrats to Fitbit for taking home an award in our recent Buggy Awards).
With all that walking, one moment stands out…

It’s cool to know that Rami is into this incredible community, and even though he’s not a “real hacker” he has clearly dug in and done a ton of research prior to filming. We’re big Mr. Robot fans at the Bugcrowd HQ and have weekly screenings. Needless to say, we’re looking forward to next season.

25,000 Crowd Members

We hit 25,000 crowd members mid last week:

The growth of our crowd is a continual source of excitement and fascination at Bugcrowd, as hackers from all walks of life and from all around the world join our ranks. Our community is made up of 25,000 talented and passionate people from diverse backgrounds, who have all come together to make the Internet’s products and services more secure. Without these researchers we wouldn’t be where we are today, and you can count on Bugcrowd to continue to invest in our researcher community.

10,000 Twitter Followers 

We passed 10,000 Twitter followers at the end of the week, and while that’s a somewhat trivial number compared to our 25,000-strong crowd, this body of active and engaging folks has been instrumental in curating and bolstering dialogue around the vulnerability disclosure and bug bounty space, and we learn from them each and every day. Thanks to all of our followers!

300+ Talks, sessions and briefings

Nope… We didn’t see the 300+ talks, tracks, sessions, keynotes and briefings – after all, we are only human – but we did catch some solid sessions…
  • On Tuesday the “2016 State of Vulnerability Exploits” talk by Amol Sarwate, Director of Vulnerability Research at Qualys, gave us insight on how to “build a prioritized defense strategy in 2016”. See the slides here.
  • Our good friend Michael Murray gave a great talk “Product Security at Internet Scale” outlining how organizations need to build security cultures to fully recognize true product security.
  • In the wee-small hours of Wednesday Julian Cohen gave an amazing talk on Intelligent Application Security, offering insights into how traditional penetration testing is not the be-all and end-all of application security, and often leaves companies vulnerable to highly likely attacks. He brought economic incentive into the ring, which is a subject near and dear to our hearts… Because pen testers act as hobbyists while attackers act as resource-constrained businesses, the motivations and methodologies are misaligned.
  • On Wednesday U.S. Secretary of Defense Ashton Carter was part of “A Conversation on Collaboration Between Silicon Valley and the Department of Defense”, where he shared some interesting insights… And dropped an incredible announcement that we’ll share more about below (Spoiler: The DoD is starting a bug bounty program).
  • Of course, no conference is complete without the Charlie/Chris show and they certainly delivered, with an entertaining low-down on the latest findings from their car hacking research, as well as some practical tips for newcomers. As the security industry realizes that cars are basically 2-ton mobile phones, their ‘Intro to Car Hacking’ talk was a must see.

    Wow! Awesome crowd in the #RSAC Sandbox for @0xcharlie & @nudehaberdasher for their intro to car #hacking preso pic.twitter.com/Ej9FyWX7JD

    — RSA Conference (@RSAConference) March 2, 2016


Which session did you get the most out of? We’d love to hear from you – Tweet at us!

60 awesome bc employees

Bugcrowd’s contribution to last week was the product of a phenomenal team effort… With every department playing a role in adding value to the event, and helping make our festivities successful.
  • Our marketing team worked tirelessly to ensure all logistics and communications were handled with care.
  • Our sales and researcher ops teams were instrumental in generating buzz, getting feedback, and speaking with folks from every corner of the industry – both hacker and vendor.
  • Our engineering team used this opportunity to generate excitement among top recruits and to chat with other SaaS platform engineers and owners.
  • And of course, our extended family… our customers, researchers, friends and advocates in the industry… thank you for your tireless support and devotion.

22 press mentions

RSAC week had a pretty interesting topic backdrop with Apple vs FBI and the DoD “Hack The Pentagon” announcement. As a result, we spent a decent chunk of the week sharing our thoughts with the press:

20 years

Art Coviello Accepts Lifetime Achievement
On Tuesday we were thrilled to cheer on our Board of Advisors member, Art Coviello, while he received the RSA lifetime achievement award celebrating 20 years at RSA. We firmly believe in the value of “standing on the shoulders of giants” and are honored that Art is part of the Bugcrowd family. Art is one of those people whose hard work and dedication are evidenced in almost every area of the information security industry.


5 co-sponsors

Ain’t No Party Like a #FoodTruckParty 
Our Second Annual Food Truck Party was a hit and we were thrilled to share it with our five co-sponsors, Distil Networks, Cloudmark, Cylance, (ISC)2 and Okta. Thanks to everyone who came out, and those of you who didn’t make it (…a random bomb scare in a different location, possibly caused by a bag full of vendor swag, caused some traffic issues), we’d love to have you at our CanSecWest Happy Hour + Bug Bash or our upcoming Meetup at Bugcrowd HQ. View our photos from the event here and contact marketing@bugcrowd.com to find out how you can be part of

2 trending news topics

With all the happy hours, press meet-ups, Hallway con at large and interviews galore, two major trending news topics jumped out at us throughout the week…

In case you missed the hundreds of news mentions last week, press and vendors alike were buzzing after the Department of Defense announced that they will be inviting hackers to find vulnerabilities before the bad guys do.
One of the first articles released on the subject can be found here, along with an awesome audio segment with Ashton Carter, United States Secretary of Defense, and Kara Swisher of re/code. We are thrilled to support the DoD on this endeavor, and are glad to see the bug bounty model being adopted across all verticals and in the public sector. Read our blog post published last week for our full comments.
FBI vs. Apple and dormant cyberpathogen thingies

 Enough said.

1 Year Until Next RSAC

And so, the countdown begins to #RSAC2017…
We had a great time hanging with you guys and look forward to upcoming March hallway cons at SANS Orlando and CanSecWest!
Hit us up @Bugcrowd or hello@bugcrowd.com if you’d like to get together.