By Casey Ellis, Oct 27, 2015
Art Coviello Joins Our Board of Directors
We are excited to announce the newest member of the Bugcrowd Board of Directors, industry icon and veteran driver of cybersecurity innovation, Art Coviello Jr. Bugcrowd’s view has always been that the economic and resourcing model of the bug bounty programs pioneered by Netscape, Google and Facebook is more than just the “latest and greatest tech-company fad.” It’s a necessary and inevitable evolution in security assessment, and its benefits will impact the entire IT ecosystem.

By Bugcrowd Researcher Success, Oct 21, 2015
Researcher Spotlight – Ciaran “Mak” McNally
At Bugcrowd we’ve heard from many researchers that they would love to do bug hunting full-time. Many researchers have used bug bounties as a way to supplement their income, build up their skills, increase the size of their professional network and the number of work opportunities available to them.

By Bugcrowd, Oct 16, 2015
September 2015 Hall of Fame
September 2015 Hall of Fame announcement time! Big recognition goes to securityidiots, who topped the September leaderboard with 329 points earned through multiple P1 and P2 submissions.

By Casey Ellis, Oct 8, 2015
3 Years, 20,000 Security Researchers, and Nearly 200 Clients Later…
2012 was the year that almost every industry, banking, education, government, big tech and even security, was hacked. Many, if not all, of these companies were doing “all” they could to protect themselves against these hacks, and yet they were still left vulnerable. In direct response to this, 2012 was also the year we built Bugcrowd to beat an army of adversaries with an army of allies.

By Kaila Pollart, Sep 3, 2015
August 2015 Hall of Fame
It is time for the August 2015 Hall of Fame, our first month running with the new kudos points award model. Big recognition goes to harie_cool, who has topped the monthly leaderboard 2 months straight due to his solid string of P1 and P2 submissions.

By Bugcrowd Researcher Success, Aug 24, 2015
Researcher interviews from DEFCON 23
At DEFCON 23 this year we interviewed a few members of the Bugcrowd Researcher community, getting their impressions of DEFCON and gathering some tips & tricks for bug bounty hunters.

By Bugcrowd, Aug 14, 2015
Vulnerability Prioritization at Bugcrowd
The only way for a security team to effectively manage risk is vulnerability prioritization and management. There are many different prioritization models used across the industry that are based on vulnerability risk and impact. Without a clear prioritization model, how do you know what to fix first? Highest CVSS Score? FIFO? LIFO? Externally known issues? Whatever your prioritization plan is, it needs to be documented and updated as threats to your business change.

By Kaila Pollart, Aug 13, 2015
July 2015 Hall of Fame
It is time for the July 2015 Hall of Fame, and this month we had an unusual situation. We ran an internal project for our Application Security Engineers, and jhaddix crushed it. But the performance bonus program is for the Crowd, not employees. As a result, in July we are awarding the 1st, 2nd, and 4th place researchers. To thank these individuals for their hard work, Bugcrowd is pleased to announce the following researchers will receive July 2015 performance bonuses:

By Casey Ellis, Aug 11, 2015
On Oracle, Mary Ann Davidson, and the dark side of security research
Let me say clearly and upfront: As the founder of a company that manages a community of security researchers, I empathize with Mary Ann Davies’ frustrations… but I also strongly disagree with her approach.

By Jason Haddix, Jul 27, 2015
Finding An InfoSec Job
A lot of organizations out there are looking for talented hackers right now. Defense, offense, Ops, Dev, you name it, if you have skills then someone is probably looking for you! The problem doesn’t seem to be the *need* but a concise way of finding/getting these positions. Here are a few notes and resources we love for helping connect awesome researchers with awesome companies (it’s kinda a thing we do here).