This week’s Researcher Spotlight is on Mico! Mico ranks #5 on Bugcrowd’s leaderboard with over 1926 kudos points, 266 bugs found, a 91% acceptance rate and an average bug priority of 2.92. In a relatively short period of time we’ve seen Mico climb his way up the charts. Mico can be found on Bugcrowd and you can follow him on Twitter at @bugtest0101.
Time for the April Hall of Fame announcement of 2016! Big recognition once again goes to mongo, who topped the April leaderboard with an astounding 1039 points earned through multiple P1 submissions.
We recently published a comprehensive but abbreviated guide ‘Anatomy of a Bounty Brief’ which explores each part of a bounty program brief and how organizations can write them more clearly and thoughtfully.
Once you’ve identified that you and your organization are ready to commit the necessary time and resources to running a bug bounty program, it’s time to start building out your program brief – the first step of which is setting the program scope.
Today we released the first episode of our new podcast series ‘Big Bugs’, hosted by me. Our first episode, embedded in this post and available on SoundCloud, provides an introduction to the car hacking space. Alongside case studies of successful attacks and research from the past years, I also provide some technical resources for testing as well as technical resources for developers. Enjoy!
Over the last year Bugcrowd has seen a dramatic increase in the number of bounty programs that feature mobile app (iOS and Android) targets. Whether you have mobile skills or just want to expand from web app to mobile app bug hunting, Bugcrowd has several public programs and numerous private programs available for you to hack on for fun and profit. We want you! That is why we’re running a limited-time contest for all mobile vulns.
Posted originally by Stuart Hirst on Skyscanner’s Code Voyager Blog
Skyscanner has a culture of innovation and continuous improvement. For our IT security function, the ‘Security Squad’, it is no different. External security testing had previously taken the form of standard penetration testing, which brought considerable value and helped improve security posture. However, our Squad wanted to look at new ways of testing the products that we help secure on a daily basis. In early 2015, we began to investigate the possibility of a crowd-sourced testing mechanism.
Return on Investment – ROI. Sales departments have to show it, marketing departments have to show it, and of course, security departments do too. At the end of the day we all need to show where the dollars are going, and security teams have the additional burden of correlating those dollars spent with the elimination of risk – or the perceived elimination of risk.
Today is a great day for hackers, defenders, Bugcrowd as a company, and for Aussie founders with a dream to execute on the world stage. We’re very proud to have Blackbird Ventures, the same firm that pioneered the Startmate incubator where Bugcrowd began, taking the lead on our $15M Series B alongside existing investors Rally, Costanoa and Paladin. We’re just as pleased to welcome Salesforce Ventures and Industry Ventures to the family.
Nicodemo Gawronski, @Nijagaw has been hacking on Bugcrowd bounty programs since mid-2014 and is also a Penetration Tester at Sec-1 in the UK. He is ranked 8th on Bugcrowd’s all time leaderboard and was nominated in the 2015 Bugcrowd Buggy Awards for Most Valuable Hacker which awarded the researchers with overall high activity, low noise, and high impact. He has an acceptance rate of 99.11% and an average priority of 3.09.
Bugcrowd is excited to announce our March 2016 Hall of Fame winners! Huge recognition goes to mongo, who has topped the monthly leaderboard for the second month in a row due to his solid string of P1 and P2 submissions! To thank our top performers for their hard work, Bugcrowd is pleased to announce that the following three researchers will receive bonuses for their performance: