Bugcrowd is constantly looking for ways to improve the crowdsourced experience for program owners and researchers alike. Today’s feature release accomplishes both. While Bugcrowd offers full program management for all of our products and services, we also appreciate the value…
Attack surface has grown exponentially for many organizations, and with it, their susceptibility to weaknesses. To combat this reality, security teams utilizing crowdsourced security solutions have expanded their program scopes to include more and more of their ever-evolving assets. Notable…
As the quote goes, “if you don’t know where you’re going, you’ll end up someplace else”. This cliche, yet valid aphorism runs doubly true when running a crowdsourced security program. If we don’t have a clear idea of what success…
“What reward ranges should I set for my program?”, “How much should I pay for a given finding?”, and “What should my organization’s reward budget be for a successful program?” At Bugcrowd, we hear these questions time and time again…
Once you’ve launched your program, things are far from over - in fact, they’re just beginning. And that’s not a bad thing. Depending on the scope, the number of participating researchers, and other factors, some programs will start seeing vulnerability…
Running a successful bug bounty program starts far before the actual program launch date, and is a continuous and iterative process of improving and growing over time. The workflow and lifecycle of a managed bug bounty program can typically be…
We are always updating our Vulnerability Rating Taxonomy (VRT), integrating our learnings into each version update. We are thrilled to announce our latest release, VRT 1.7 in response to our community’s ongoing feedback through our open-sourced GitHub repository. Security misconfiguration…
A growing number of organizations across various industry sectors are adopting crowdsourced security, making it clear that this model is no longer just the future of cybersecurity - it is the here and now. Crowdsourced security is driving organizations to…
Too often we see security researchers, whitehat hackers, IT leaders, academics, and journalists reach out to organizations after discovering a vulnerability; only to find that there is no obvious channel to receive such report. With hundreds of vulnerabilities found daily,…
We recently hosted a webinar featuring VP of Information Security at InVision, Johnathan Hunt, and Bugcrowd, CSO David Baker discussing how success in crowdsourced security relies on expert program management. We had a great discussion going over how program management…
