
Topic: Program Management

Bug Bounty Myth #1: All Bug Bounty Programs are ‘Public’

This year, bug bounties have hit an all-time high in the news, and are well on their way to becoming a necessity in any mature security organization. Because of that buzz and the positive traction the bug bounty space is seeing, it’s easy for us to forget that this is still a new approach to security that not everyone fully understands. That’s why we’ve put our ears to the ground to pick up on some commonly held misconceptions about how they work, why they work, and for whom they’re ideal. 


Setting the Bar High for Bug Bounty Triage and Validation

Running a bug bounty program on your own is difficult. Imagine receiving hundreds of vulnerability submissions weekly, many of them unimportant, and many of them duplicates of known vulnerabilities. Once you weed through those submissions, you'll have to respond if needed, prioritize…


3 Reasons Bugcrowd Researchers Keep Coming Back

2017 was a year for the books. The Equifax breach, the third Yahoo! breach, the Uber breach -- today nearly every American has been impacted by the loss of personally identifiable information (PII) data. And the threat continues to rise. Companies, healthcare systems, governmental…


Leveraging Policy and a Purpose-built Platform to Steer the Ship in SecOps

Crowdsourced security testing and vulnerability disclosure programs require the right combination of policy, resources, and support to be successful. Bugcrowd’s leading platform and team bring years of experience facilitating success with white-glove management of these programs. From policy design and launch to submission management, our Operations team is a close partner of our talented researcher community and customers.


Why a DIY Bug Bounty is a Bad Idea

Managing vulnerability reports can be painfully time-consuming. Organizations rarely have the time or resources to triage and validate incoming vulnerability findings from outside researchers. We recognized the need to ease this pain in 2012 and have since provided our customers with full-scale bug bounty support and services, which include expert technical review and escalation of valid vulnerability submissions. In addition, our teams facilitate the researcher communications crucial for detailed reports, deeper context, and high engagement.
