By Michael Hamel Oct 1, 2021HEROES WANTED! Hack the Homeland for Challenge Coins Want to be a hero and collect some sweet challenge coins? Bugcrowd is proud to partner with the Cybersecurity and Infrastructure Security Agency (CISA). Through this partnership, we’re able to provide our community of researchers the opportunity to report vulnerabilities… Read More
By Santerra Holler Sep 27, 2021Bugcrowd Platform Behavior Standards REMEMBER THE HUMAN Over the years we’ve earned the trust of security researchers and customers through our tireless commitment to values as simple as respect, honesty, accountability, and embracing the hacker mindset. These straightforward company standards define not only our… Read More
By Erica Azad Aug 6, 2021The Trouble with Traditional Penetration Testing When it comes to pen testing, organizations require access to the skills they need when they need them. Large consultancy groups often leverage a “one-size-fits-all” approach to pen testing. Although the resumes these groups highlight may seem impressive, it’s rare… Read More
By Adam Foster Jul 23, 2021PrintNightmare: What You Need to Know PrintNightmare or PrinterNightmare is an interesting vulnerability currently impacting Microsoft systems. This vulnerability can be executed on remotely accessible systems and has a lot of potential for abuse by ransomware operators. Here are the basics: PrinterNightmare - CVE-2021-34527 CVE ID:… Read More
By Michael Skelton Jul 21, 2021The Shocking Truth You May Not Know About Being A Full-Time Bug Hunter For a lot of people, bug bounties present a way to escape the rat race. A way to exchange the handcuffs of employment for the freedom of autonomous control of one's day, and one's financial future. As appealing as that… Read More
By Casey Ellis Jul 7, 2021The Kaseya/REvil Attack Explained Why it Matters and How to Protect Yourself What Happened? At around 1400 EDT on July 2, attackers appear to have used a 0-day authentication bypass vulnerability in Internet-exposed instances of the Kaseya Virtual System Administrator (VSA) server software, a… Read More
By Erica Azad Jun 17, 2021Three Common Ways Organizations Get Hacked When it comes to security teams, one of the biggest priorities is reducing risk. A big part of reducing risk is creating a cybersecurity risk management strategy. As the world becomes more reliant on digital technology, risk management is becoming… Read More
By Andy White May 27, 2021How Bugcrowd sees Vulnerability Disclosure Programs and Points Starting June 1st at 17:00 Pacific Time (UTC-7), points on VDPs will be disabled. If you have already obtained points on VDPs, they will not disappear. Vulnerability Disclosure: It’s very important A vulnerability disclosure policy sets the rules of engagement… Read More
By Erica Azad May 26, 2021Vulnerability Disclosure Programs: Luxury or Necessity? Many organizations recognize the value and benefits of a Vulnerability Disclosure Program (VDP). But what are some of the consequences of not having a VDP? This infographic explores this question and examines if VDPs are a necessity or a luxury.… Read More
By Bugcrowd Product Marketing May 20, 2021Infographic: What are Vulnerabilities? Vulnerabilities are components of code that can be exploited to negatively impact the security of data, systems, people, or IP. According to ISO/IEC 29147:2018, a vulnerability is, "a behavior or set of conditions present in a system, product, component, or… Read More
