Putsi is #38 on the community leaderboard, with a 97.14% acceptance rate and an average bug priority of 3. Putsi just recently entered the top 40 on Bugcrowd and has had success with many private and public bounty programs on the platform.
Read below for our interview with Putsi and make sure to follow @Putsi on Twitter.
A few weeks ago we launched a very exciting program, and now that it’s well underway, we wanted to give a huge shout out to the awesome organization making it happen. The Open Web Application Security Project (OWASP) is not only the authority on most things application security but also a phenomenal open source organization that is constantly trying new things, evolving and innovating the application security landscape.
Bugcrowd has always held education and sharing as a core value, which is why I’m very pleased to announce the release of our second annual State of Bug Bounty Report.
This 22-page document gives the reader an up-close and personal look at the evolving dynamics of the bug bounty market, and deeper insight into the early stages of the “unlikely romance” blossoming between hackers and organizations.
Nikaiw is #58 on the community leaderboard, with a 96.88% acceptance rate and an average bug priority of 2.37. Nikaiw has been on Bugcrowd for less than 6 months and in that time he’s found 31 valid vulnerabilities, with 10 of those being P1s.
Read below for our interview with Nikaiw and make sure to follow @Nikaiw on Twitter.
Bugcrowd is excited to announce our May 2016 Hall of Fame winners! Big recognition goes to mert, who topped the May leaderboard with an astounding 786 points earned through multiple last-minute P1 and P2 submissions. To thank our top performers for their hard work, Bugcrowd is pleased to announce that the following three researchers will receive bonuses for their performance.
For me, one of the most enjoyable aspects of the security industry is the security community. The relationships I’ve been fortunate enough to build over the past couple of years have made this job very rewarding and, of course, a ton of fun. I recently had the chance to record a podcast discussion with Frans Rosen, founder of Detectify and active bug bounty hunter, to discuss our experiences in the security community:
This morning we released the second episode of our new podcast series ‘Big Bugs’ hosted by me. This episode, embedded in this post and available on SoundCloud, takes a look at the recently popularized bug, ImageTragick. I discuss the detection and remediation timeline of the widespread bug in the image processing suite, ImageMagick, as well as the implications it has for developers and researchers.
When coming across a *.target.com scope, it’s always a good idea to seek the road less travelled. Exotic and forgotten applications running on strangely named subdomains will quickly lead to uncovering critical vulnerabilities and often high payouts. Discovering such subdomains is a critical skill for today’s bug hunter and choosing the right techniques and tools is paramount.
Fuzzybear is #43 on the community leaderboard, with a 100% acceptance rate and an average bug priority of 2.55. In the short time he’s been on Bugcrowd and in bug bounties he has done quite well, successfully finding 65 bugs on Bugcrowd bug bounties, most of which were through private bug bounty programs. He also has one of my favorite usernames in the community!
Read below for our interview with Fuzzybear, where he shares some great practical advice for researchers.