We are pleased to announce a brand new way for researchers to gain access to private programs: Waitlisted Programs! A few weeks ago, we launched Joinable Programs, where researchers can choose to join programs based on eligibility criteria. This was…
We are excited to launch Joinable Programs, a new feature meant to make it easier for researchers to find and join programs that had previously been kept behind the “private programs” wall. With the majority of programs being “invite-only,” previously…
This guest post originally appeared on the Binance blog. Binance is collaborating with Bugcrowd for a new, rewarding bug bounty bonus to ensure a more robust security system for our platform. Sign in the program today and earn multiple bonuses!…
Bugcrowd released disclose.io, the open-sourced safe harbor project, in August 2018. Since then, we’re pleased to report that companies have been leaning into the need for a safer and easier-to-navigate legal environment for whitehat hackers. To help this along, we’ve…
Today, we are excited to announce the winners of the 2019 Buggy Awards! We know that the success of our business, and of the crowdsourced security space, depends on the hard work of our customers and researcher community. For this…
This blog first appeared on 1Passwords' blog, and is written by customer Jeffrey Goldberg, Chief Defender Against the Dark Arts at 1Password. Just how strong should a 1Password Master Password be? We recommend that Master Passwords be generated using our wordlist generator…
This post is written by Bugcrowd engineers, Paul Friedman and Daniel Trauner. Bugcrowd is the pioneer and innovator of managed bug bounty programs, and nothing makes that more obvious than the success of our own program, which is celebrating its…
Earlier this week, Threatpost reported NETGEAR had fixed 50 vulnerabilities in its routers, switches, and NAS devices — many of which were reported via the company’s bug bounty program,
The SecureDrop engineering team welcomes the contributions of security researchers. SecureDrop is relied on by sources to talk with journalists at dozens of news organizations, many of whom are taking significant risks to bring information to the public eye. We want to do everything we can to make the whistleblowing process as safe for them as possible. Testing by external security researchers is an important part of that process. In order to minimize risk to SecureDrop users throughout the security research process, in this post we will describe how to ethically perform security research on SecureDrop and what constitutes acceptable and unacceptable behavior.
We’re excited to announce our bug bounty program is moving from private to public! Dash is opening up its doors to more than 60,000 registered and verified Bugcrowd security experts around the world to detect issues on behalf of Dash and be rewarded in bug bounty payments. That means more vulnerabilities are discovered and fixed, and we’re all more secure as a result.
