Bugcrowd released disclose.io, the open-sourced safe harbor project, in August 2018. Since then, we’re pleased to report that companies have been leaning into the need for a safer and easier-to-navigate legal environment for whitehat hackers. To help this along, we’ve…
Today, we are excited to announce the winners of the 2019 Buggy Awards! We know that the success of our business, and of the crowdsourced security space, depends on the hard work of our customers and researcher community. For this…
This blog first appeared on 1Passwords' blog, and is written by customer Jeffrey Goldberg, Chief Defender Against the Dark Arts at 1Password. Just how strong should a 1Password Master Password be? We recommend that Master Passwords be generated using our wordlist generator…
This post is written by Bugcrowd engineers, Paul Friedman and Daniel Trauner. Bugcrowd is the pioneer and innovator of managed bug bounty programs, and nothing makes that more obvious than the success of our own program, which is celebrating its…
Earlier this week, Threatpost reported NETGEAR had fixed 50 vulnerabilities in its routers, switches, and NAS devices — many of which were reported via the company’s bug bounty program,
The SecureDrop engineering team welcomes the contributions of security researchers. SecureDrop is relied on by sources to talk with journalists at dozens of news organizations, many of whom are taking significant risks to bring information to the public eye. We want to do everything we can to make the whistleblowing process as safe for them as possible. Testing by external security researchers is an important part of that process. In order to minimize risk to SecureDrop users throughout the security research process, in this post we will describe how to ethically perform security research on SecureDrop and what constitutes acceptable and unacceptable behavior.
We’re excited to announce our bug bounty program is moving from private to public! Dash is opening up its doors to more than 60,000 registered and verified Bugcrowd security experts around the world to detect issues on behalf of Dash and be rewarded in bug bounty payments. That means more vulnerabilities are discovered and fixed, and we’re all more secure as a result.
Jet.com takes security seriously. One of the first major retailers to launch a bug bounty program more than two years ago, Jet.com began with a private bug bounty program, harnessing a small, curated group of Bugcrowd researchers before launching its public program to the full crowd just four months later.
This post originally appeared on the Sophos Blog here.
Adversarial relationships between vendors and security researchers used to be common. Researchers would report a bug and the vendor – not all but certainly more than a few – would drag its feet in patching the problem. Then, the researcher would make the findings public and the vendor would criticize them for releasing information attackers could exploit.
Our customers are leaders when it comes to security; they understand the value of harnessing the power of the crowd and the creativity of thousands of researchers that think like the adversary. Password manager technology 1Password is no exception.
