September 2015 Hall of Fame announcement time! Big recognition goes to securityidiots, who topped the September leaderboard with 329 points earned through multiple P1 and P2 submissions.
2012 was the year that almost every industry, banking, education, government, big tech and even security, was hacked. Many, if not all of these companies were doing “all” they could to protect themselves against these hacks, and yet they were still left vulnerable. In direct response to this, 2012 was also the year we built Bugcrowd to beat an army of adversaries with an army of allies.
It is time for the August 2015 Hall of Fame, our first month running with the new kudos points award model. Big recognition goes to harie_cool, who has topped the monthly leaderboard 2 months straight due to his solid string of P1 and P2 submissions.
The only way for a security team to effectively manage risk is vulnerability prioritization and management. There are many different prioritization models used across the industry that are based on vulnerability risk and impact. Without a clear prioritization model, how do you know what to fix first? Highest CVSS Score? FIFO? LIFO? Externally known issues? Whatever your prioritization plan is, it needs to be documented and updated as threats to your business change.
It is time for the July 2015 Hall of Fame, and this month we had an unusual situation. We ran an internal project for our Application Security Engineers, and jhaddix crushed it. But the performance bonus program is for the Crowd, not employees. As a result, in July we are awarding the 1st, 2nd, and 4th place researchers. To thank these individuals for their hard work, Bugcrowd is pleased to announce the following researchers will receive July 2015 performance bonuses:
A lot of organizations out there are looking talented hackers right now. Defense, offense, Ops, Dev, you name it, if you have skills then someone is probably looking for you! The problem doesn’t seem to be the *need* but a concise way to finding/getting these positions. Here are a few notes and resources we love for helping connect awesome researchers with awesome companies (it’s kinda a thing we do here).