skip to Main Content
Attack surface has grown exponentially for many organizations, and with it, their susceptibility to weaknesses. To combat this reality, security teams utilizing crowdsourced security solutions have expanded their program scopes to include more and more of their ever-evolving assets. Notable…
This guest blog is authored by Matt Hillary, Vice President of Security at Instructure and originally appeared on the Instructure blog. Every year, the Instructure security team attends DefCon to learn together with the greater security community about ways we…
Earlier this year, we took a closer look at why every company should have a vulnerability disclosure program. As veterans with combined 40+ years in the cybersecurity space, Bugcrowd founder and CTO Casey Ellis and CSO David Baker each gave…
In the past year, the U.S. Federal Trade Commission (FTC) and Department of Justice (DOJ) have released guidance outlining the need for vulnerability disclosure programs (VDP). With support from major legislative bodies like the National Institute of Standards and Technology,…
If you’re reading this article, statistically speaking your organization might be getting hacked. In the private sector, the Equifax hack and Intel’s processor vulnerabilities took the mainstream media by storm. And over the past year, data breaches of U.S. government networks, once novel, have…
Our most recent VRT Council led us through an interesting discussion, ultimately leading us to expedite the release of VRT 1.6. The release includes two major changes: revision to internal SSRF, and how we rate email spoofing, more specifically the…
Bug bounties have continued to grab headlines over the years – as evidenced by the fact that we’ve seen a 40% growth in program launches over the last year alone. As bug bounty programs move towards becoming more of a…
Building in security testing as part of continuous integration is emerging as an essential requirement in today’s DevOps world. Making this decision from the start enables those responsible for development and operations to make informed decisions about feature architecture, design,…
Today the White House rolled out its long awaited National Cybersecurity Strategy. It was very exciting - but also a little unsurprising - to see crowdsourced security front and center as one of the few named solutions: The United States…
We are thrilled to announce the newest release of our Vulnerability Rating Taxonomy, VRT 1.5! Updates made in this release are largely contributed to insights collected from the broader security community. In 2017, we decided to accept outsourced feedback by…
