By Barnett Klane, Mar 30, 2021
VRT v1.10 Released: Flash downgrades and extended automotive categorization
In our tenth release of the Vulnerability Rating Taxonomy (VRT), we’re continuing to meet the goals we prioritized from the start: Collaborate with the community to collect feedback and expertise to drive improvement; Maintain a taxonomy that reflects the latest…

By Grant McCracken, Jan 10, 2021
All You Need to Know About Bug Bounty Testing Environments
If you’re looking to set up a bug bounty program, we've already covered step zero, setting your scope, and the importance of focus areas, as well as some considerations to make around exclusions on your program. For those of you…

By Bugcrowd Product Marketing, Oct 24, 2019
Bugcrowd Introduces Self-Serve Program Announcements
Bugcrowd is constantly looking for ways to improve the crowdsourced experience for program owners and researchers alike. Today’s feature release accomplishes both. While Bugcrowd offers full program management for all of our products and services, we also appreciate the value…

By Grant McCracken, Aug 22, 2019
The Problem with Limited Scope
Attack surface has grown exponentially for many organizations, and with it, their susceptibility to weaknesses. To combat this reality, security teams utilizing crowdsourced security solutions have expanded their program scopes to include more and more of their ever-evolving assets. Notable…

By Grant McCracken, May 15, 2019
The Do’s and Don’ts of Writing Your Program Brief
As the quote goes, “if you don’t know where you’re going, you’ll end up someplace else”. This cliche, yet valid aphorism runs doubly true when running a crowdsourced security program. If we don’t have a clear idea of what success…

By Grant McCracken, Apr 23, 2019
Setting Up Your Program Reward Ranges
“What reward ranges should I set for my program?”, “How much should I pay for a given finding?”, and “What should my organization’s reward budget be for a successful program?” At Bugcrowd, we hear these questions time and time again…

By Grant McCracken, Apr 4, 2019
Maintaining Program Success & Being an Effective Program Owner
Once you’ve launched your program, things are far from over - in fact, they’re just beginning. And that’s not a bad thing. Depending on the scope, the number of participating researchers, and other factors, some programs will start seeing vulnerability…

By Grant McCracken, Mar 20, 2019
Process For Launching Your Crowdsourced Security Program
Running a successful bug bounty program starts far before the actual program launch date, and is a continuous and iterative process of improving and growing over time. The workflow and lifecycle of a managed bug bounty program can typically be…

By Bugcrowd, Mar 14, 2019
Bugcrowd Releases Vulnerability Rating Taxonomy 1.7 With New Automotive Security Misconfiguration
We are always updating our Vulnerability Rating Taxonomy (VRT), integrating our learnings into each version update. We are thrilled to announce our latest release, VRT 1.7 in response to our community’s ongoing feedback through our open-sourced GitHub repository. Security misconfiguration…

By Grant McCracken, Mar 7, 2019
Managing Your Crowdsourced Security Program for Success
A growing number of organizations across various industry sectors are adopting crowdsourced security, making it clear that this model is no longer just the future of cybersecurity - it is the here and now. Crowdsourced security is driving organizations to…