skip to Main Content
This guest blog is authored by the HiRoad Security team. The auto insurance industry requires a great deal of information about customers in order to accurately measure risk and, for HiRoad, rewards for good driving. The insurance industry is also…
Attack surface has grown exponentially for many organizations, and with it, their susceptibility to weaknesses. To combat this reality, security teams utilizing crowdsourced security solutions have expanded their program scopes to include more and more of their ever-evolving assets. Notable…
Earlier this year, we took a closer look at why every company should have a vulnerability disclosure program. As veterans with combined 40+ years in the cybersecurity space, Bugcrowd founder and CTO Casey Ellis and CSO David Baker each gave…
In the past year, the U.S. Federal Trade Commission (FTC) and Department of Justice (DOJ) have released guidance outlining the need for vulnerability disclosure programs (VDP). With support from major legislative bodies like the National Institute of Standards and Technology,…
Last week Bugcrowd attended Gartner's annual Security and Risk Management Summit in Washington, D.C. While I know what a city built on a swamp does to your hair, I'm still happy to return every June to catch up with analysts,…
A few weeks ago I was tagged by Art Manion of the CERT Coordination Center (CERT/CC) in a tweet asking about Bugcrowd’s approach to disclosure policy defaults. The short version of the thread was concern around a statement in our…
Last week, the House voted to approve H.R. 6735, a bill that directs the Homeland Security Secretary to establish a vulnerability disclosure policy for the agency’s websites. This was a swift decision -- The House Homeland Security Committee advanced this…
This blog was written by Stu Hirst, Head Of Security Engineering, Photobox Group I’ve been a believer in the power of the bug bounty model since 2015 when I ran my first 2-week program with Bugcrowd. During that program the researchers…
Next week (March 1), new regulations from the New York State Department of Financial Services (DFS) will take effect, giving financial services firms licensed to operate in New York 180 days to improve their security based on new requirements. The…
In order for Researchers to be successful, it is vital to clearly communicate expectations. We have refined verbiage in both the Bugcrowd Standard Disclosure Terms and the Bugcrowd Researcher Code of Conduct, and these changes are highlighted below: In the…
