
Bug Bounties and NGWAF: 1+1=3

Return on Investment – ROI. Sales departments have to show it, marketing departments have to show it, and of course, security departments do too. At the end of the day we all need to show where the dollars are going, and security teams have the additional burden of correlating those dollars spent with the elimination of risk – or the perceived elimination of risk.


$15M to Connect Hackers and Companies… Why, and What’s Next?

Today is a great day for hackers, defenders, Bugcrowd as a company, and for Aussie founders with a dream to execute on the world stage. We’re very proud to have Blackbird Ventures, the same firm that pioneered the Startmate incubator where Bugcrowd began, taking the lead on our $15M Series B alongside existing investors Rally, Costanoa and Paladin. We’re just as pleased to welcome Salesforce Ventures and Industry Ventures to the family.


Researcher Spotlight: Nijagaw

Nicodemo Gawronski, @Nijagaw, has been hacking on Bugcrowd bounty programs since mid-2014 and is also a Penetration Tester at Sec-1 in the UK. He is ranked 8th on Bugcrowd’s all-time leaderboard and was nominated in the 2015 Bugcrowd Buggy Awards for Most Valuable Hacker, which recognized researchers with overall high activity, low noise, and high impact. He has an acceptance rate of 99.11% and an average priority of 3.09.

March 2016 Leaderboard

Bugcrowd is excited to announce our March 2016 Hall of Fame winners! Huge recognition goes to mongo, who has topped the monthly leaderboard for the second month in a row due to his solid string of P1 and P2 submissions! To thank our top performers for their hard work, Bugcrowd is pleased to announce that the following three researchers will receive bonuses for their performance:

In the Name of Transparency

At the beginning of the year, we made a decision to put some stakes in the ground.

We decided it was time to talk, write, argue, and share about sides of the bug bounty space that we interact with every day, but would otherwise rarely see the light of day… The kinds of things that some would consider as Bugcrowd’s “secret sauce.”

Why? Read on.

First Update to our Vulnerability Rating Taxonomy

Over a month ago, Bugcrowd published its Vulnerability Rating Taxonomy (VRT). We created the VRT to expose the community to common technical priority ratings for certain classes of bugs. Since its release, we have received a tremendous amount of feedback.

Based on this feedback, we have divided the Cross-Site Scripting (XSS) entries to provide additional granularity that captures priority variations for XSS within applications with multiple user privilege levels.


[Guest Blog] InfoSec’s New Mandate: Silo Smashing and Feedback Loop Amplification

This post by James Wickett originally appeared on Signal Sciences Lab on 03/24/16.

I have reached the age where friends are getting roles like CISO or Director of Security or Senior Architect. All important titles with crucial tasks ahead of them. Usually when friends take these roles they immediately realize that they have found themselves in unfamiliar waters. The skills that got them to that role are not the skills they need to succeed.

February 2016 Hall of Fame

Bugcrowd is excited to announce our February 2016 Hall of Fame winners! Big recognition goes to mongo, who topped the February leaderboard with 432 points earned through multiple P1 and P2 submissions. To thank our top performers for their hard work, Bugcrowd is pleased to announce that the following three researchers will receive bonuses for their performance.