This website use cookies which are necessary to its functioning and required to achieve the purposes illustrated in the privacy policy. To learn more or withdraw consent please click on Learn More. By continued use of this website you are consenting to our use of cookies.
Accept
Learn More

Posts by Topic

Bug Bounty Management Bugcrowd News Bugcrowd Spotlight Bug Hunter Methodology Community Spotlight Company Resources Conferences & Events Customer Case Study Cybersecurity News Guest Blogs Product Spotlight Product Updates Program Launches Program Management Program Updates Report Recap Researcher Event Researcher Resources Researcher Spotlight Success Stories Thought Leadership Vulnerabilities Vulnerability Disclosure Webinar Recap Winner's Circle

Posts By Author

Abigail Nguy Amp Somers Ashish Gupta Barnett Klane Breonna Burrell Bugcrowd Bugcrowd Customer Marketing Bugcrowd Product Marketing Bugcrowd Researcher Success Casey Ellis David Baker Erica Azad Grant McCracken Guest Post Jason Haddix Kaila Pollart Kaushik Srinivas Lauren Craigie Luke Stephens Mari Kemp Michael Hamel Michael Skelton Omar Carmical Randy Young Ryan Black Shpend Kurtishaj

Topic: Guest Blogs

Centrify’s Bug Bounty Program with Bugcrowd

It’s an exciting time to be in information security. Black hats are attacking more web sites, constructing more 0-day threats and phishing more credentials and payment data. The proliferation of smart IoT devices and new technologies create opportunities for malicious activities. Nation State actors and the vulnerabilities they exploit are gaining visibility.

Read More

[Guest Blog] Calling All Bug Hunters: Sophos Teams Up with Bugcrowd

This post originally appeared on the Sophos Blog here.

Adversarial relationships between vendors and security researchers used to be common. Researchers would report a bug and the vendor – not all but certainly more than a few – would drag its feet in patching the problem. Then, the researcher would make the findings public and the vendor would criticize them for releasing information attackers could exploit.

Read More

OSS Security Maturity: Time to Put On Your Big Boy Pants!

Earlier today we joined Jake Kouns, CISO of Risk Based Security, and Christine Gadsby, Director of Product Security at BlackBerry for a guest webcast. They gave their Black Hat 2016 talk ‘OSS Security Maturity: Time to Put on Your Big Boy Pants’ which analyzes the real risks of using OSS and the best way to manage its use within your organization.

This post is a high-level review of that presentation–you can watch the recording here and download their slides here.

Read More

[Guest Blog] Skyscanner’s Adventures in Bug Bounties

Posted originally on by Stuart Hirst on Skyskanner’s Code Voyager Blog

Skyscanner has a culture of innovation and continuous improvement. For our IT security function, the ‘Security Squad’, it is no different. External security testing had previously taken the form of standard penetration testing, which brought considerable value and helped improve security posture. However, our Squad wanted to look at new ways of testing the products that we help secure on a daily basis. In early 2015, we began to investigate the possibility of a crowd-sourced testing mechanism.

Read More

Bug Bounties and NGWAF: 1+1=3

Return on Investment – ROI. Sales departments have to show it, marketing departments have to show it, and of course, security departments do too. At the end of the day we all need to show where the dollars are going, and security teams have the additional burden of correlating those dollars spent with the elimination of risk – or the perceived elimination of risk.

Read More

[Guest Blog] InfoSec’s New Mandate: Silo Smashing and Feedback Loop Amplification

The original post by James Wickett appeared originally on Signal Sciences Lab on 03/24/16.  

I have reached the age Silo Smashing and Feedback Loop Amplificationwhere friends are getting roles like CISO or Director of Security or Senior Architect. All important titles with crucial tasks ahead of them. Usually when friends take these roles they immediately realize that they have found themselves in unfamiliar waters. The skills that got them to that role are not the skills they need to succeed.

Read More

Advice From A Researcher: How To Approach A Target

Editor’s Note: Today I’d like to introduce you to Bugcrowd member Anshuman Bhartiya (anshuman_bh). As an information security professional as well as bug bounty researcher, Anshuman has helped improve the security of many organizations. He has submitted several P1 & P2 bugs leading to his high standing within the programs he is involved in. As an active member on our Bugcrowd forum he also contributes to the bug bounty researcher community. This blog is from one of his responses on the forum that he has allowed us to post here. We are thrilled to share his thoughts and experience on how to successfully approach a target. Thanks!

Read More
Back To Top