By Randy Young Jun 22, 2021Bugcrowd Announces the Availability of Self-Service Vulnerability Disclosure Programs Bugcrowd is excited to announce the launch of self-service Vulnerability Disclosure Programs (VDP). It's pretty easy—just enter a credit card to get started with our VDP service. You can now rapidly engage security feedback from anyone in the world within… Read More
By Erica Azad May 26, 2021Vulnerability Disclosure Programs: Luxury or Necessity? Many organizations recognize the value and benefits of a Vulnerability Disclosure Program (VDP). But what are some of the consequences of not having a VDP? This infographic explores this question and examines if VDPs are a necessity or a luxury.… Read More
By Bugcrowd Product Marketing May 20, 2021Infographic: What are Vulnerabilities? Vulnerabilities are components of code that can be exploited to negatively impact the security of data, systems, people, or IP. According to ISO/IEC 29147:2018, a vulnerability is, "a behavior or set of conditions present in a system, product, component, or… Read More
By Bugcrowd Product Marketing Dec 3, 2020What’s a Vulnerability Disclosure Program? In the past year, the U.S. Federal Trade Commission (FTC) and Department of Justice (DOJ) have released guidance outlining the need for vulnerability disclosure programs (VDP). With support from major legislative bodies like the National Institute of Standards and Technology,… Read More
By Bugcrowd Product Marketing Aug 13, 2020Ultimate Guide to Vulnerability Disclosure: Report Recap Vulnerability Disclosure Programs (VDPs) help organizations reduce risk across publicly-accessible assets by relying on the voluntary contributions of end-users, customers, and good-faith security researchers. But many organizations still have questions about how (and why) they should incorporate these programs into… Read More
By Bugcrowd Aug 5, 2020The Who, What, Where, and Why of VDPs The average iPhone app has just under 50,000 lines of code. Testing at these volumes, while factoring in pressure to launch on time, makes it nearly impossible to surface all potential vulnerabilities pre-production. Organizations need a way to identify vulnerabilities… Read More
By Michael Hamel Jul 27, 2020How we Measure Researcher Performance Just like talented employees need feedback to help them grow and improve while working at their company, we know that Researchers need ways to understand how they’re doing on our platform! However, quantifying and measuring performance metrics is easier said… Read More
By Guest Post Aug 27, 2019[GUEST POST] Minimizing Your Attack Surface – HiRoad & Crowdsourced Security This guest blog is authored by the HiRoad Security team. The auto insurance industry requires a great deal of information about customers in order to accurately measure risk and, for HiRoad, rewards for good driving. The insurance industry is also… Read More
By Grant McCracken Aug 22, 2019The Problem with Limited Scope Attack surface has grown exponentially for many organizations, and with it, their susceptibility to weaknesses. To combat this reality, security teams utilizing crowdsourced security solutions have expanded their program scopes to include more and more of their ever-evolving assets. Notable… Read More
By Bugcrowd Aug 13, 2019[Guest Post] Instructure’s Proven Security Vulnerability Disclosure Program This guest blog is authored by Matt Hillary, Vice President of Security at Instructure and originally appeared on the Instructure blog. Every year, the Instructure security team attends DefCon to learn together with the greater security community about ways we… Read More
