Topic: Product Updates
Historically, vulnerability management programs have focused exclusively on vulnerabilities from automated tools; however, the success of any vulnerability management program relies on its ability to automatically consolidate vulnerability data and prioritize the remediation of each risk. Vulnerabilities discovered by a…
Bugcrowd has done it again! Today we announced an innovative enhancement to Crowdcontrol: Traffic Control, a proprietary feature built to deliver a solution for secure crowdsourced security testing. Crowdsourced security testing has proven to be a cost-effective solution for uncovering security risks for…
We are excited to introduce new submission search and filtering capabilities to Crowdcontrol, built to optimize the time you spend finding submissions.
Over the last three years, we have seen a steady rise in vulnerability submissions, with a 67% increase in submissions year over year and a 73% increase in valid submissions. What is driving this steady rise? Our recent “2017 State of the Bug Bounty Report” discusses bounty adoption growth, citing a 77% increase in new programs over the last year. Of all the programs we run, 44% are organizations larger than 500 employees. Organizations of this size often have much larger attack surfaces, which can result in a high rate of submissions. To keep up with this increase in activity, our users need new ways to query their submissions.
Since the 1990s, the internet has been filling our digital world with an overwhelming amount of content, right at our fingertips. However, because of the sheer volume, much of this content isn’t applicable to you. So where do you go to easily find relevant information that yields the most value? Google, of course! In 1998, the company invented a simple solution to filter through a massive amount of data and find exactly what you are looking for, fast!
Just as Google helps you find the most relevant content based on a simple search, Crowdcontrol now allows you to find the exact submission you are looking for. We recognize that each user on Bugcrowd is unique, whether researcher or customer; a query that is important to one organization may not be important to another. With that in mind, Crowdcontrol’s new submission filtering offers a tokenized search capability, allowing you to easily search for and find specific submissions.
In talking with our customers, and particularly larger customers, we often hear of the need to establish an open, public, and passive channel for vulnerability disclosure from their users, customers, and the broader security community. These customers aren’t always ready for a public bug bounty but they may already have an existing security@ email address. They often have an existing security page and want the ability to accept disclosures directly from their website.
Today we are excited to announce the latest version of our Vulnerability Rating Taxonomy – VRT 1.2.