Have you ever had a vendor claim to reduce attacks against your business? Unless they’re running some sort of protection racket, “reducing attacks” isn’t really possible. What they might mean is that they’ll help you avoid negative consequences from the…
Security is a team sport. The information held by fellow security practitioners and researchers has the power to affect how and when we respond to adversarial threats. The sooner this information can be shared, the sooner it can be actioned…
This guest blog was authored by the StackPath security team. StackPath is a platform of secure edge services that enables developers to protect, accelerate, and innovate cloud properties ranging from websites to media delivery and IoT services. As a leading…
This guest blog is authored by the HiRoad Security team. The auto insurance industry requires a great deal of information about customers in order to accurately measure risk and, for HiRoad, rewards for good driving. The insurance industry is also…
Attack surface has grown exponentially for many organizations, and with it, their susceptibility to weaknesses. To combat this reality, security teams utilizing crowdsourced security solutions have expanded their program scopes to include more and more of their ever-evolving assets. Notable…
Earlier this year, we took a closer look at why every company should have a vulnerability disclosure program. As veterans with combined 40+ years in the cybersecurity space, Bugcrowd founder and CTO Casey Ellis and CSO David Baker each gave…
In the past year, the U.S. Federal Trade Commission (FTC) and Department of Justice (DOJ) have released guidance outlining the need for vulnerability disclosure programs (VDP). With support from major legislative bodies like the National Institute of Standards and Technology,…
Last week Bugcrowd attended Gartner's annual Security and Risk Management Summit in Washington, D.C. While I know what a city built on a swamp does to your hair, I'm still happy to return every June to catch up with analysts,…
A few weeks ago I was tagged by Art Manion of the CERT Coordination Center (CERT/CC) in a tweet asking about Bugcrowd’s approach to disclosure policy defaults. The short version of the thread was concern around a statement in our…
Last week, the House voted to approve H.R. 6735, a bill that directs the Homeland Security Secretary to establish a vulnerability disclosure policy for the agency’s websites. This was a swift decision -- The House Homeland Security Committee advanced this…
