By Bugcrowd Product Marketing, Dec 3, 2020
What’s a Vulnerability Disclosure Program?
In the past year, the U.S. Federal Trade Commission (FTC) and Department of Justice (DOJ) have released guidance outlining the need for vulnerability disclosure programs (VDP). With support from major legislative bodies like the National Institute of Standards and Technology,…

By Lauren Craigie, Aug 13, 2020
Ultimate Guide to Vulnerability Disclosure: Report Recap
Vulnerability Disclosure Programs (VDPs) help organizations reduce risk across publicly-accessible assets by relying on the voluntary contributions of end-users, customers, and good-faith security researchers. But many organizations still have questions about how (and why) they should incorporate these programs into…

By Bugcrowd, Aug 5, 2020
The Who, What, Where, and Why of VDPs
The average iPhone app has just under 50,000 lines of code. Testing at these volumes, while factoring in pressure to launch on time, makes it nearly impossible to surface all potential vulnerabilities pre-production. Organizations need a way to identify vulnerabilities…

By Breonna Burrell, Jul 27, 2020
How we Measure Researcher Performance
Just like talented employees need feedback to help them grow and improve while working at their company, we know that Researchers need ways to understand how they’re doing on our platform! However, quantifying and measuring performance metrics is easier said…

By Guest Post, Aug 27, 2019
[GUEST POST] Minimizing Your Attack Surface – HiRoad & Crowdsourced Security
This guest blog is authored by the HiRoad Security team. The auto insurance industry requires a great deal of information about customers in order to accurately measure risk and, for HiRoad, rewards for good driving. The insurance industry is also…

By Grant McCracken, Aug 22, 2019
The Problem with Limited Scope
Attack surface has grown exponentially for many organizations, and with it, their susceptibility to weaknesses. To combat this reality, security teams utilizing crowdsourced security solutions have expanded their program scopes to include more and more of their ever-evolving assets. Notable…

By Bugcrowd, Aug 13, 2019
[Guest Post] Instructure’s Proven Security Vulnerability Disclosure Program
This guest blog is authored by Matt Hillary, Vice President of Security at Instructure and originally appeared on the Instructure blog. Every year, the Instructure security team attends DefCon to learn together with the greater security community about ways we…

By Bugcrowd, Jul 23, 2019
[Guest Post] Vulnerability Disclosure at Okta: Everything You Need to Know
This guest blog is authored by Matias Brutti, Director of Research and Exploitation at Okta, and originally appeared on the Okta Security Blog. Protecting our customers, partners, and other stakeholders has always been the Okta Security Team’s top priority. We have…

By Bugcrowd Product Marketing, Jul 9, 2019
Why Every Company Should Have a Vulnerability Disclosure Program
Earlier this year, we took a closer look at why every company should have a vulnerability disclosure program. As veterans with combined 40+ years in the cybersecurity space, Bugcrowd founder and CTO Casey Ellis and CSO David Baker each gave…

By Lauren Craigie, Jun 26, 2019
Trust, Vulnerability, and Fighter Pilots: Key Takeaways from the Gartner Security and Risk Management Summit
Last week Bugcrowd attended Gartner's annual Security and Risk Management Summit in Washington, D.C. While I know what a city built on a swamp does to your hair, I'm still happy to return every June to catch up with analysts,…