skip to Main Content
This website use cookies which are necessary to its functioning and required to achieve the purposes illustrated in the privacy policy. To learn more or withdraw consent please click on Learn More. By continued use of this website you are consenting to our use of cookies.

Topic: Guest Blogs

Launching the Netflix Public Bug Bounty Program

This customer blog post originally appeared on Netflix's Tech Blog, written by Sunil Agrawal, Scott Behrens, Dave King, Astha Singhal, Patrick Thomas, Andy Hoernecke, Madan Sriraman. Netflix’s goal is to deliver joy to our 117+ million members around the world, and…

Read More

Ethical Security Research on SecureDrop

The SecureDrop engineering team welcomes the contributions of security researchers. SecureDrop is relied on by sources to talk with journalists at dozens of news organizations, many of whom are taking significant risks to bring information to the public eye. We want to do everything we can to make the whistleblowing process as safe for them as possible. Testing by external security researchers is an important part of that process. In order to minimize risk to SecureDrop users throughout the security research process, in this post we will describe how to ethically perform security research on SecureDrop and what constitutes acceptable and unacceptable behavior.

Read More

Moving Fast with Security

Our driving purpose at Ibotta is to reward our users with cash rebates that make a difference in their lives. They have entrusted their earnings with us, and it’s our responsibility to do our best to safeguard their accounts.

Read More

[Guest Blog] EARN CPES WITH BUG BOUNTY

This post original ran on the (ISC)² blog on June 1, 2017:

Since 2013, (ISC)² has been a partner of Bugcrowd, running a public bug bounty program and offering CPE credits to our members. Bugcrowd is a leading provider of crowdsourced security and bug bounty programs, connecting organizations with more than 50,000 independent security researchers to identify vulnerabilities. As an (ISC)² member, you can participate in Bugcrowd’s bug bounty programs in exchange for CPE credits.

We encourage you to participate in this program to continue honing your security skills, and to apply those skills to help inspire a safe and secure cyber world.

To participate,

  1. Sign up as a Bugcrowd researcher at bugcrowd.com
  2. Find a bug in one of Bugcrowd’s bug bounty programs, including the (ISC)² Bug Bounty Program
  3. Earn up to 5 CPE credits for each valid bug found, depending on the severity of the vulnerability
  4. Enter your ISC2 # into your Bugcrowd Researcher profile settings, so that Bugcrowd can submit your contributions at the end of the month.

Members who participate in the program can earn as many as 15 CPE credits each year. As a security-centric organization, Bugcrowd values and encourages independent security research, even on their own products. Their bug bounty program helps them connect with the research community, and provides their organization with constant security feedback.

Keep your skills sharp and keep our site – and others – secure with the bug bounty program.

Learn more about the Bugcrowd and (ISC)² partnership

 

 

Read More

Centrify’s Bug Bounty Program with Bugcrowd

It’s an exciting time to be in information security. Black hats are attacking more web sites, constructing more 0-day threats and phishing more credentials and payment data. The proliferation of smart IoT devices and new technologies create opportunities for malicious activities. Nation State actors and the vulnerabilities they exploit are gaining visibility.

Read More

[Guest Blog] Calling All Bug Hunters: Sophos Teams Up with Bugcrowd

This post originally appeared on the Sophos Blog here.


Adversarial relationships between vendors and security researchers used to be common. Researchers would report a bug and the vendor – not all but certainly more than a few – would drag its feet in patching the problem. Then, the researcher would make the findings public and the vendor would criticize them for releasing information attackers could exploit.

Read More
Back To Top