
Topic: Bugcrowd News

Q4 Researcher Promotion: Thick Client Targets

As the bug bounty space has matured, the range of targets to test against has expanded and diversified incredibly. Our programs offer a broad range of targets, from web and mobile, to APIs and IoT devices (even cars)! Over the last several months, Bugcrowd has launched more and more bounty programs that feature thick client applications.

Whether you have skills in testing thick client software, or want to expand your expertise, Bugcrowd has several public programs and numerous private programs available for you to hack on for fun and profit. This quarter we’re running a limited-time promotion for all submissions found in thick client applications.


Big Bugs | Episode 6: API Security and the Internet of Things w/ Fitbit

The unprecedented growth and adoption of connected devices have created innumerable threats for organizations, manufacturers, and consumers, while at the same time creating unprecedented opportunities for hackers. In this episode of Big Bugs, Jason Haddix joins Fitbit’s security team to explore what it takes to effectively hack connected devices through APIs, and how the role of defenders has evolved in this domain.

The speakers explore the growing prevalence of connected devices in our lives, the use of APIs, the increasing importance of API testing in its new form (REST vs older XML based testing), and how it’s a valuable skillset for researchers as well as organizations.


Inside the Mind of a Hacker: Bugcrowd’s 2016 Bug Hunter Community Report

Over the past four years that we’ve been helping organizations connect with the world’s top security talent to run crowdsourced security programs, a lot has changed. In our recent State of Bug Bounty Report, we examine that change with proof that more traditional organizations are adopting the bug bounty model, more private programs are being run, and so on and so forth.

The crux of that change, however, lies in the community. Whether you call them hackers, bug hunters, or security researchers, they make the bug bounty world go ’round. As this niche grows and evolves from the small group it once was, it is becoming more nuanced, and the motivations of bug hunters vary widely.


July 2016 Hall of Fame

Bugcrowd is excited to announce our July 2016 Hall of Fame winners! Apologies for the delay in posting this, but we spent all last week in Las Vegas at Black Hat/DEFCON (you can read all about it here)!

Once again, mert has topped the June leaderboard with his amazing work across our platform. Following up, we’re happy to have VINOTHKUMAR in second place, and krbtgt rounding out the top three. To thank our top performers for their hard work, Bugcrowd is pleased to announce that all three researchers will receive bonuses for their performance.


Ring ring! Hello, Mobile Testers?

In April we announced a Mobile bonus reward program for researchers that submitted valid, non-duplicate mobile vulnerabilities for a chance to win $1000, and in early June we expanded the program to two bonuses. We are excited to announce our two winners, and congratulate putsi and robinooklay for their mobile submissions!


Fiat Chrysler – The First Full-Line Automaker to Launch a Paid Public Bug Bounty Program

2015 was the year the public perception of automobile safety changed forever… Chris Valasek and Charlie Miller’s notorious Jeep Cherokee hack transformed the idea of the humble automobile into a 2-tonne computer that can be hacked just like any other. In recent years, automakers are realising that hackers just like Charlie and Chris are already at the table, ready and willing to help, and are leveraging the work coming out of this community to make their products safer from cyber threats.

We are excited to announce that Fiat Chrysler Automobiles is joining the ranks of those pioneering this relationship, by becoming one of the first automakers to launch a bug bounty program.


June 2016 Leaderboard

Bugcrowd is excited to announce our June 2016 Hall of Fame winners! Apologies for the delay in posting this, but I’m sure you’ve all seen that we’re pretty busy planning big things for Black Hat + DEFCON this August.

Once again, mongo has topped the June leaderboard with his amazing work across our platform. Following up, we’re happy to have mert in second place, and Web_Plus rounding out the top three. To thank our top performers for their hard work, Bugcrowd is pleased to announce that all three researchers will receive bonuses for their performance.


Bugcrowd’s 2nd Annual State of Bug Bounty Report – A Note from the CEO

Bugcrowd has always held education and sharing as a core value, which is why I’m very pleased to announce the release of our second annual State of Bug Bounty Report.

This 22-page document gives the reader an up-close and personal look at the evolving dynamics of the bug bounty market, and deeper insight into the early stages of the “unlikely romance” blossoming between hackers and organizations. Read the full report


May 2016 Leaderboard

Bugcrowd is excited to announce our May 2016 Hall of Fame winners! Big recognition goes to mert, who topped the May leaderboard with an astounding 786 points earned through multiple last-minute P1 and P2 submissions. To thank our top performers for their hard work, Bugcrowd is pleased to announce that the following three researchers will receive bonuses for their performance.


April 2016 Leaderboard

Time for the April Hall of Fame announcement of 2016!  Big recognition once again goes to mongo, who topped the April leaderboard with an astounding 1039 points earned through multiple P1 submissions.
