COVID-19 has been an unprecedented event, causing organizations across the globe to rethink how they work overnight. We recently spoke to four security leaders about how they’re navigating the business impacts of COVID-19 and asked them to share their best…
At Bugcrowd, we’re committed to making the digitally-connected world a safer place. And we couldn’t do so without the creativity and skills of our Crowd. So with October and National Cybersecurity Awareness Month (NCSAM) wrapping up, we wanted to share…
November is right around the corner, and so is the holiday shopping season. As consumers prepare to loosen their wallets, retailers are preparing to tighten their security. For many, this means restricting code changes to mission critical systems so that…
“First priority vulnerability in under 24 hours.” “10x more high priority vulnerabilities than traditional testing.” “Annual impact of two full time resources in under a week.” The benefits of crowdsourced vulnerability discovery programs are compelling. But I’m sure if you’re…
Bugcrowd has reported on the state of bug bounties since 2015, analyzing data from vulnerabilities submitted through the Crowdcontrol platform and on the Crowd itself. This year, we introduced the inaugural 2019 Priority One Report, expanding the scope of our…
The global security threat outlook continues to evolve -- the shift to the cloud, the push to mobile apps, and the adoption of IoT are opening up new attack vectors, causing an explosion of new security vulnerabilities. With major vulnerabilities…
As the healthcare industry continues to move into the digital age, each new technology that provides value to patients, organizations, and caregivers also brings with it unique cybersecurity risks. IT systems, connected medical devices, digital health applications, electronic patient records…
Earlier this year, we took a closer look at why every company should have a vulnerability disclosure program. As veterans with combined 40+ years in the cybersecurity space, Bugcrowd founder and CTO Casey Ellis and CSO David Baker each gave…
In the past year, the U.S. Federal Trade Commission (FTC) and Department of Justice (DOJ) have released guidance outlining the need for vulnerability disclosure programs (VDP). With support from major legislative bodies like the National Institute of Standards and Technology,…
We are always updating our Vulnerability Rating Taxonomy (VRT), integrating our learnings into each version update. We are thrilled to announce our latest release, VRT 1.7 in response to our community’s ongoing feedback through our open-sourced GitHub repository. Security misconfiguration…
