By Bugcrowd Product Marketing, Dec 3, 2020
What’s a Vulnerability Disclosure Program?
In the past year, the U.S. Federal Trade Commission (FTC) and Department of Justice (DOJ) have released guidance outlining the need for vulnerability disclosure programs (VDP). With support from major legislative bodies like the National Institute of Standards and Technology,…

By Lauren Craigie, Aug 13, 2020
Ultimate Guide to Vulnerability Disclosure: Report Recap
Vulnerability Disclosure Programs (VDPs) help organizations reduce risk across publicly-accessible assets by relying on the voluntary contributions of end-users, customers, and good-faith security researchers. But many organizations still have questions about how (and why) they should incorporate these programs into…

By Bugcrowd, Aug 5, 2020
The Who, What, Where, and Why of VDPs
The average iPhone app has just under 50,000 lines of code. Testing at these volumes, while factoring in pressure to launch on time, makes it nearly impossible to surface all potential vulnerabilities pre-production. Organizations need a way to identify vulnerabilities…

By Lauren Craigie, Jul 10, 2020
Vulnerability Disclosure Programs: 7 Reasons Why CEOs Need Them Too
Have you ever had a vendor claim to reduce attacks against your business? Unless they’re running some sort of protection racket, “reducing attacks” isn’t really possible. What they might mean is that they’ll help you avoid negative consequences from the…

By Abigail Nguy, Oct 2, 2019
Bugcrowd Programs for Researchers: An Overview
Researchers play a tremendous role in the success of Bugcrowd programs. With more researchers joining the Bugcrowd platform to help make the world a safer place, we want to take this opportunity to outline the several program types you may…

By Grant McCracken, Aug 22, 2019
The Problem with Limited Scope
Attack surface has grown exponentially for many organizations, and with it, their susceptibility to weaknesses. To combat this reality, security teams utilizing crowdsourced security solutions have expanded their program scopes to include more and more of their ever-evolving assets. Notable…

By Bugcrowd, Aug 13, 2019
[Guest Post] Instructure’s Proven Security Vulnerability Disclosure Program
This guest blog is authored by Matt Hillary, Vice President of Security at Instructure and originally appeared on the Instructure blog. Every year, the Instructure security team attends DefCon to learn together with the greater security community about ways we…

By Bugcrowd Product Marketing, Jul 9, 2019
Why Every Company Should Have a Vulnerability Disclosure Program
Earlier this year, we took a closer look at why every company should have a vulnerability disclosure program. As veterans with combined 40+ years in the cybersecurity space, Bugcrowd founder and CTO Casey Ellis and CSO David Baker each gave…

By Casey Ellis, Feb 8, 2019
How Governments are Running Effective Bug Bounty Programs
If you’re reading this article, statistically speaking your organization might be getting hacked. In the private sector, the Equifax hack and Intel’s processor vulnerabilities took the mainstream media by storm. And over the past year, data breaches of U.S. government networks, once novel, have…

By Bugcrowd, Nov 13, 2018
Bugcrowd Releases Vulnerability Rating Taxonomy 1.6
Our most recent VRT Council led us through an interesting discussion, ultimately leading us to expedite the release of VRT 1.6. The release includes two major changes: revision to internal SSRF, and how we rate email spoofing, more specifically the…