skip to Main Content

Topic: Guest Blogs

Ethical Security Research on SecureDrop

The SecureDrop engineering team welcomes the contributions of security researchers. SecureDrop is relied on by sources to talk with journalists at dozens of news organizations, many of whom are taking significant risks to bring information to the public eye. We want to do everything we can to make the whistleblowing process as safe for them as possible. Testing by external security researchers is an important part of that process. In order to minimize risk to SecureDrop users throughout the security research process, in this post we will describe how to ethically perform security research on SecureDrop and what constitutes acceptable and unacceptable behavior.

Read More

Moving Fast with Security

Our driving purpose at Ibotta is to reward our users with cash rebates that make a difference in their lives. They have entrusted their earnings with us, and it’s our responsibility to do our best to safeguard their accounts.

Read More

[Guest Blog] EARN CPES WITH BUG BOUNTY

This post original ran on the (ISC)² blog on June 1, 2017:

Since 2013, (ISC)² has been a partner of Bugcrowd, running a public bug bounty program and offering CPE credits to our members. Bugcrowd is a leading provider of crowdsourced security and bug bounty programs, connecting organizations with more than 50,000 independent security researchers to identify vulnerabilities. As an (ISC)² member, you can participate in Bugcrowd’s bug bounty programs in exchange for CPE credits.

We encourage you to participate in this program to continue honing your security skills, and to apply those skills to help inspire a safe and secure cyber world.

To participate,

  1. Sign up as a Bugcrowd researcher at bugcrowd.com
  2. Find a bug in one of Bugcrowd’s bug bounty programs, including the (ISC)² Bug Bounty Program
  3. Earn up to 5 CPE credits for each valid bug found, depending on the severity of the vulnerability
  4. Enter your ISC2 # into your Bugcrowd Researcher profile settings, so that Bugcrowd can submit your contributions at the end of the month.

Members who participate in the program can earn as many as 15 CPE credits each year. As a security-centric organization, Bugcrowd values and encourages independent security research, even on their own products. Their bug bounty program helps them connect with the research community, and provides their organization with constant security feedback.

Keep your skills sharp and keep our site – and others – secure with the bug bounty program.

Learn more about the Bugcrowd and (ISC)² partnership

 

 

Read More

Centrify’s Bug Bounty Program with Bugcrowd

It’s an exciting time to be in information security. Black hats are attacking more web sites, constructing more 0-day threats and phishing more credentials and payment data. The proliferation of smart IoT devices and new technologies create opportunities for malicious activities. Nation State actors and the vulnerabilities they exploit are gaining visibility.

Read More

[Guest Blog] Calling All Bug Hunters: Sophos Teams Up with Bugcrowd

This post originally appeared on the Sophos Blog here.


Adversarial relationships between vendors and security researchers used to be common. Researchers would report a bug and the vendor – not all but certainly more than a few – would drag its feet in patching the problem. Then, the researcher would make the findings public and the vendor would criticize them for releasing information attackers could exploit.

Read More

OSS Security Maturity: Time to Put On Your Big Boy Pants!

oss-security-maturity.pngEarlier today we joined Jake Kouns, CISO of Risk Based Security, and Christine Gadsby, Director of Product Security at BlackBerry for a guest webcast. They gave their Black Hat 2016 talk ‘OSS Security Maturity: Time to Put on Your Big Boy Pants’ which analyzes the real risks of using OSS and the best way to manage its use within your organization.

This post is a high-level review of that presentation–you can watch the recording here and download their slides here.

Read More
Learn More About The Most Critical Vulnerabilities of 2019Download Report
+
Back To Top