Unprecedented. Surreal. Wild. Dystopian. Unfathomable. Nobody saw this coming – where everyone is hunkering down with a pallet of toilet paper and crossing the street or taking some grand detour – all in an effort to avoid any human contact within six feet. The other day someone coughed in the line at the grocery store and half the people looked ready to flee the building. Was it too late to avoid what may or may not already be swirling around in the air they were now breathing? Or is it best to just finish buying that quart of Ben and Jerry’s to help get through the apocalypse that has us all talking about tigers?
Things have changed, and quickly at that. A month ago nobody knew who Joe Exotic or Carole Baskin were, and now we all do. Things are bleak in many respects – the stock market is down, we don’t know how long we’ll need to shelter-in-place, my upstairs neighbors sound like they’re raising a herd of elephants all day, and N95 masks are in short supply for those that need them the most.
In the tech world, many of us have been incredibly fortunate to work jobs that can be done remotely – which is an incredible blessing, considering that many others across the globe have not had that same fortune, resulting in millions of lost jobs. It’s rough out there. And the crazy part is that we don’t know how long it will last, or when it’ll get better. But if you’ve been following the news even slightly, you know all of this already – and my goal here isn’t to be a downer – in fact, despite the rampant uncertainty, I want to offer a bit of a silver lining.
And that silver lining is, in short, that uncertainty can be a powerful catalyst for reinvention, growth, and working today to prepare for when this passes. And it will pass.
Looking toward the unconventional – Part I
In times of uncertainty, more individuals start looking toward alternative means of income; and those who are already engaged in making money in alternate ways, they tend to double down to make sure they’ve got secure footing for the uncertain times ahead. What this means, is that in the last 30 days, Bugcrowd has seen:
- More researchers submitting than any month prior, and
- More total submissions than any prior month
To boot, everyone who is able to, is also working from home – eliminating time-consuming commutes, as well as any normal social obligations (aside from virtual game nights). Meaning that not only is there a larger catalyst for researchers to participate on bounties – but there’s also the time availability to do so. The data aside, I personally know multiple individuals that had previously stopped bug hunting due to time constraints, who have picked it up again over the last few weeks. Both because they’re looking to make a few extra dollars, and also because they now have the time. Bug hunting is a perfect work-from-home opportunity to either pick up extra income, or to put some of that cabin fever to work after six hours of Netflix (and hey, after watching Netflix, you can go hack on them.
For those who have always wanted to get into security (or get into any new field/hobby/obsession), but haven’t had the time – now is the perfect time. Not to be too opportunistic, but the forced isolation and boredom it brings are a great time to start exercising, cooking, and learning how to hack. I’ve been encouraging everyone on my team to sign up for a new course/certification during this time (and have done so myself). From the looks of things, we’re going to have at least another month of this – and while Netflix is chill now, at some point it’s worth investing some of that free time in improving yourself. And what better time to learn or improve a skill? Did I mention that we have a virtual conference upcoming (on May 9th) for that exact reason? And what better place to practice that new skillset, than by working on bounty programs? If you’ve already got skills you want to put to use immediately, I recommend checking out our Joinable and Waitlisted programs.
Looking toward the unconventional – Part II
In cost-cutting times like these, many organizations find themselves in the position of trying to find a cost-effective solution for identifying security vulnerabilities. Bug bounty is a great place to start. Aside from being the most effective application security solution on the market, it’s (a) pay for effort (you only get paid for valid findings); (b) you get to have your assets tested by the best security talent on the planet (with both public and private program options – as well as pentest compliance solutions); and (c) if you use Bugcrowd’s platform, it comes with our world-class triage team that triages and validates all the findings that come in – providing a near-perfect, best-in-class signal-to-noise ratio and Service Level Adherence score. This saves you both headcount and effort. There’s a whole litany of other reasons for why you should join Bugcrowd, but you can get in touch with us here.
In times like this, we all have to stick together – and though it’s been said before, Bugcrowd is here for you, regardless of who you are. For clients, we’re here to help however we can – helping you have the most successful programs and experience you can get. And to our researchers: as always, both Bugcrowd and our clients are only successful if you are. We want you to be successful, and to that end, we’re here to help, educate, give you the right opportunities, and anything else you need. Find us on Discord, Twitter, or support@bugcrowd. We’re here to talk, support, and provide whatever else you need.
Times are strange, and a lot of things feel up in the air right now – but in the midst of all the uncertainty, bug bounties and crowdsourced security are a resilient and growing space where the crowd and organizations can meet to a mutually beneficial end. After all, we’re in this together, and Bugcrowd is here to help and support through these crazy, crazy times.
Stay safe, and six feet away.