
In the Name of Transparency

At the beginning of the year, we made a decision to put some stakes in the ground.

We decided it was time to talk, write, argue, and share about sides of the bug bounty space that we interact with every day, but would otherwise rarely see the light of day… The kinds of things that some would consider as Bugcrowd’s “secret sauce.”

Why? Read on.


First Update to our Vulnerability Rating Taxonomy

Over a month ago, Bugcrowd published its Vulnerability Rating Taxonomy (VRT). We created the VRT to expose the community to common technical priority ratings for certain classes of bugs. Since its release, we have received a tremendous amount of feedback.

Based on this feedback, we have divided the Cross-Site Scripting (XSS) entries to provide additional granularity that captures priority variations for XSS within applications with multiple user privilege levels.


[Guest Blog] InfoSec’s New Mandate: Silo Smashing and Feedback Loop Amplification

This post by James Wickett originally appeared on Signal Sciences Lab on 03/24/16.

I have reached the age where friends are getting roles like CISO or Director of Security or Senior Architect. All important titles with crucial tasks ahead of them. Usually when friends take these roles they immediately realize that they have found themselves in unfamiliar waters. The skills that got them to that role are not the skills they need to succeed.


February 2016 Hall of Fame

Bugcrowd is excited to announce our February 2016 Hall of Fame winners! Big recognition goes to mongo, who topped the February leaderboard with 432 points earned through multiple P1 and P2 submissions. To thank our top performers for their hard work, Bugcrowd is pleased to announce that the following three researchers will receive bonuses for their performance.


Bugcrowd’s RSAC 2016 by the Numbers

72,000 Steps

Now that we’ve had a moment to settle from the chaos that was the 25th Annual RSA Conference on our home turf, we’d like to take a moment to jot down some thoughts and give you a look at our highlights – by the numbers. We’ll start with the average 72,000 steps “we” took from Monday to Friday, strutting our Bugcrowd gear around Moscone, meeting with incredible people, and generally getting amongst the action.

First Annual Buggy Awards Recap

Earlier today we held the First Annual Buggy Awards hosted by our CEO and Founder Casey Ellis, our Director of Customer Success Abby Mulligan, and our Sr. Director of Researcher Operations Kymberlee Price. The aim of these awards was to honor the top bug hunters and companies running bounty programs in 2015. These two groups of people are essential to our company success and are advancing the bug bounty and vulnerability disclosure space.


On the U.S. Government and Bug Bounties

My favorite thing about going to conferences is establishing the underlying trends behind the questions I’m asked. We’re only half-way through RSAC/BSides week, and already the dominant question is clear:

When is the government going to start a bug bounty program?

Here’s my answer:

The government has no choice but to adopt a crowdsourced model for vulnerability discovery; it’s more a question of when the pain of staying the same will exceed the pain of change.
