Topic: Company Resources
Last week, David Baker (Bugcrowd’s Chief Security Officer) released a blog post discussing why it’s important to understand researcher motivations in order to run a successful bug bounty program. Furthermore – to enable current and future customers to get a better handle on what drives security researchers at Bugcrowd – we released the Inside the Mind of a Hacker (version 2.0) report covering a broad range of metrics around who the Crowd is comprised of, including data on age, level of education, geographic location, and most importantly – what motivates us (and I use the term “us”, because I myself am a security researcher on Bugcrowd).
Last week, we released our second annual Inside the Mind of a Hacker 2.0 report. We dove into different hacker profiles, their motivations for hacking, and the impact building a relationship makes on a successful bug bounty program. We found lots of interesting stats on our bug hunting community, both expected and surprising.
Last year, we launched the Inside the Mind of a Hacker report, sharing insights into the distinct profiles and stories, gathered from the Bugcrowd researcher community. Today we’re launching our second iteration on this, Inside the Mind of a Hacker 2.0, diving deeper into the collective power and intelligence the bug bounty community brings to the war on bugs.
The stakes have never been greater, it seems. Breaches and attacks from independent actors or nation states have increased in number and their impact can be felt by all. At Bugcrowd, we’ve built a community of more than 65,000 security researchers and white-hat hackers that is helping organizations around the globe increase their defenses by finding and resolving security vulnerabilities at breakneck speed.
Earlier this week, Threatpost reported NETGEAR had fixed 50 vulnerabilities in its routers, switches, and NAS devices — many of which were reported via the company’s bug bounty program,
It’s common knowledge that the security industry has been facing a massive shortage of resources. Add the fact that companies are accelerating their cloud presence and growing an API ecosystem of their own. CISOs are up-leveling their security strategy by adding bug bounty programs to their toolbox.
Last week, we released our third annual State of Bug Bounty Report. We were really excited to see the momentum around enterprise adoption, and this year’s report highlights not only the continued growth of the bug bounty model, but also the economics around bug bounty payouts, trends in vulnerabilities, and the continued growth of the crowd.
The management of vulnerability reports can be painfully time-consuming. Organizations hardly have the time or resources to triage and validate incoming vulnerability findings from outside researchers. We recognized the need to ease this pain in 2012 and since then have provided our customers with full-scale bug bounty support and services, which include expert technical review and escalation of valid vulnerability submissions. In addition, our teams facilitate the researcher communications crucial for detailed reports, deeper context, and high engagement.