skip to Main Content

Topic: Program Management

Bug Bounty Myth #7: Bounty Programs Are Too Hard To Run and Manage

Over the past months, we’ve addressed the bug bounty misconceptions outlined in our recent guide, 7 Bug Bounty Myths, Busted. So far we’ve…

  • Discussed the misconception that bug bounties are all public
  • Examined the types of companies engaging with the bug bounty model
  • Debunked the perception some have that bug bounties are too risky
  • Talked about the testers who participate in bug bounty programs
  • Analyzed the kinds of results they yield
  • Looked at the knobs and levers available to manage and plan for a bug bounty budget

Today we’re taking a look at what it really takes to manage a bug bounty program in our last post in this series…

Read More

Bug Bounty Myth #6: Bug Bounties are Hard to Budget For

In the past several weeks, we’ve been addressing bug bounty misconceptions in our guide, 7 Bug Bounty Myths, Busted. So far we’ve…

  • Discussed the misconception that bug bounties are all public
  • Examined the types of companies engaging with the bug bounty model
  • Debunked the perception some have that bug bounties are too risky
  • Talked about the white hat hackers who participate in bug bounty programs
  • Analyzed the kinds of results they yield

Today we’re talking about the budget.

Read More

Bug Bounty Myth #5: They don’t yield high value results.

Although bug bounties have gained incredible traction over the past year, many people still have questions and misunderstandings about what they are and how they work.

In the past several weeks, we’ve been addressing some of those misconceptions in our guide, 7 Bug Bounty Myths, Busted. So far we’ve…

  • Discussed the misconception that bug bounties are all public
  • Examined the types of companies engaging with the bug bounty model
  • Debunked the perception some have that bug bounties are too risky
  • Talked about the hackers who participate in bug bounty programs.

Today we’re getting down to what it’s all about… the results.

Myth #5: Bug bounties don’t yield high-value results.

Read More

Bug Bounty Myth #3: Running a Bug Bounty Program is Too Risky

In our recently released guide, 7 Bug Bounty Myths, Busted, we addressed some common misconceptions about the bug bounty model. We’re spending some time each week to take a deeper dive into those myths one by one. We started by addressing the misconception that bug bounty programs are all public and open to everyone and last week discussed the types of companies engaging with the bug bounty model. This week, we’re talking about risk…  

Read More

Bug Bounty Myth #2: Only Tech Companies Run Bug Bounties

In our recently released guide, 7 Bug Bounty Myths, Busted, we addressed some common misconceptions about the bug bounty model and bug bounty programs. We’re spending some time each week to take a deeper dive at those myths one by one. Last week we talked about the misconception that bug bounties are all public, and are open to everyone. Today, we’re addressing a related misconception regarding the types of companies engaging with the bug bounty model.

Myth #2: Only tech companies run bug bounty programs

By taking a quick look at our public programs page, our customers page, and our ‘List’ page, it’s clear that this isn’t true.

Read More

Bug Bounty Myth #1: All Bug Bounty Programs are ‘Public’

This year, bug bounties have hit an all-time high in the news, and are well on their way to becoming a necessity in any mature security organization. Because of that buzz and the positive traction the bug bounty space is seeing, it’s easy for us to forget that this is still a new approach to security that not everyone fully understands. That’s why we’ve put our ears to the ground to pick up on some commonly held misconceptions about how they work, why they work, and for whom they’re ideal. 

Read More

3 Reasons Bugcrowd Researchers Keep Coming Back

2017 was a year for the books. The Equifax breach, the third Yahoo! breach, the Uber breach -- today nearly every American has been impacted by the loss of personally identifiable information (PII) data. And the threat continues to rise. Companies, healthcare systems, governmental…

Read More
Back To Top