Bugcrowd's second annual report shows the current state of the bug bounty ecosystem, with data from organizations running bug bounty programs and security researchers participating in them.
This comprehensive guide explores the top three ways bug bounties outperform penetration tests and deliver improved volume and quality of results.
This guide explores the current challenges within the application security landscape, why they're hurting your SDLC, and how bug bounties can improve your security strategy.
This industry report takes a look at the unique challenges that security vendors face and how bug bounty programs are helping them overcome those challenges.
Building on the success of its private program, Intercom is now launching a public bug bounty program to leverage the full scope of Bugcrowd’s curated crowd of 50,000 cybersecurity researchers to help implement a secure development lifecycle and protect customer data.
Learn more about how a fully managed bug bounty program helped InVision's security team save 80% of their time running their bounty program.
Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, and Bugcrowd, the leader in crowdsourced security testing, today announced joint development integrations allowing joint customers a unique ability to share vulnerability data across automated web application scanning and crowdsourced bug bounty programs.
“The new Bugcrowd platform capabilities will reduce the time Magento’s software developers spend synchronizing vulnerability data across our infrastructure,” said John Steer, chief of product security, Magento. “The new API capabilities will allow us to have a more unified picture of our security status and reduce our costs.”
“Bugcrowd has capitalized on the gig economy to not only fulfill a tremendous market need, but to also fundamentally change the way organizations approach security,” said David Baker, vice president of operations, Bugcrowd. “As a customer, I experienced the power of Bugcrowd’s model firsthand and I’m thrilled to join the team as we revolutionize the information security industry.”
Download this report to find out what the top application security challenges will be over the next twelve months, as well as how bug bounties are helping organizations overcome them.
A new study of one hundred CISOs revealed that 94 percent are concerned about breaches in their publicly facing assets in the next 12 months, particularly within their applications. The study, “CISO Investment Blueprint for 2017” by leading crowdsourced security provider Bugcrowd, reveals the top application security challenges that are making organizations most vulnerable, and what security leaders are doing about it.
Learn about the evolution of Twilio's bug bounty program over the years and how they've successfully engaged with security researchers to improve their product security.
Bugcrowd’s curated crowd, simple-to-use platform and deep program expertise help make NETGEAR’s products safe and secure for consumers to use
Fourth consecutive year of growth proved enterprise market adoption of bug bounties, included key executive appointments and team expansion
At Bugcrowd we love Grace Hopper, the original bug hunter. Learn more about her legacy and how to donate to her foundation.
Over the past twelve months we’ve witnessed a shift in how companies are tackling their application security challenges. Join a CISO, an AppSec guru, and an IoT security expert to hear industry-leading perspectives on the trends that have emerged over the past year, and what to look forward to in the next.
Okta’s public bug bounty program harnesses the power of Bugcrowd’s curated, user-friendly platform and deep program expertise
From confusion about how bug bounties work to questioning their effectiveness (and everything in between), we dug into our data to investigate the 7 Biggest Bug Bounty Myths.
InVision ensures the safety of its customers' data with the launch of a public bug bounty program with Bugcrowd.
Learn more about how Aruba has implemented a private bug bounty program to work closely with the crowd and the success they've seen.
Learn more about the current bug bounty landscape and trends from Bugcrowd's CEO, Casey Ellis, SANS Analyst, John Pescatore, and Okta CISO, David Baker.
Learn why and how the financial services industry is looking to bug bounty programs to strengthen its application security and protect customer data.
In this webcast, join well-known hacker and bug hunting advocate Jason Haddix, as he analyzes the evolution of IoT security and the mistakes and developments that have led us to where we are today.
In this report we highlight a few specific bug hunters in the global Bugcrowd community, examine different motivations of different types of bug hunters and provide 'action items' for program owners to tap into different segments of researchers.
From exploration to iteration, download the bug bounty lifecycle graphic to understand what to expect through the life of a bug bounty program.
Catch Kymberlee Price's Black Hat 2016 talk in a live webcast. This presentation will address some best practices and templates to help security teams build or scale their incident response practices.
Our monthly podcast hosted by Jason Haddix, Dr. of Technical Operations at Bugcrowd, analyzes some juicy bugs we've seen and how to defend against them. Subscribe now to get monthly episodes.
FCA US is the first full-line automaker to offer a paid public bug bounty program, leveraging Bugcrowd to enhance the safety and security of FCA US consumers, their vehicles and connected services with bounty payouts up to $1,500.
State of Bug Bounty Report 2016 Illustrates Market Adoption Shifting From "Tech Giants" Towards Traditional Industries and Thousands More Researchers
Series B Investment, led by Blackbird Ventures, follows explosive growth in the adoption of bug bounty and crowdsourced security programs. Read more in our April 20th press release.
Cybersecurity attorney and law expert Jim Denaro joins us May 24, 2016 to discuss legal misconceptions around bug hunting.
In this guide, you'll learn what makes for a good bounty brief and a successful program, as well as how researchers and program owners can align their respective expectations and avoid ambiguity and miscommunication.
Learn how Aruba was able to uncover critical bugs in their networking solutions with a private bug bounty program.
Bugcrowd's platform, Crowdcontrol, connects your security teams and applications to thousands of trusted hackers around the world.
Kymberlee Price discusses several critical steps to writing great vulnerability submissions that will speed up issue triage for the incident response team receiving reports (and result in higher bounty payouts). Examples of common mistakes will be reviewed with real submissions received by Bugcrowd.
Backed by years of collected data, this guide answers how much you should budget for a crowdsourced security program and what you should set your reward range at to attract the right talent.
The VRT is a resource outlining Bugcrowd’s baseline priority rating, including certain edge cases, for vulnerabilities that we see often. Last updated March 2016.
Learn about how Bugcrowd uses public and private programs for our own application security testing.
Bugcrowd puts an army of thousands of the world's top security researchers on your side. With specialized skills in web and mobile applications, just like yours, they even the odds and find bugs in your code before the bad guys do.
A quick guide on the history of bug bounties, from 1995 to present.
Former RSA Executive Chairman Art Coviello Joins Bugcrowd Board of Directors
Cybersecurity expert Keren Elazari joined Bugcrowd Founder and CEO, Casey Ellis, for some bug bounty myth busting and trend spotting.
Originally given at DEFCON 23, Jason Haddix explores successful tactics and tools used by himself and the best bug hunters. Practical methodologies, tools and tips that make you better at hacking websites and mobile apps to claim those bug bounties.
Learn how, with Bugcrowd’s help, the Zephyr Health team has transformed its development and overarching culture to prioritize security in this 30-minute webinar.
As an active security researcher with immense professional expertise in application security, Jason Haddix joins us to explain the common attack vectors that face today’s mobile applications -- from a hacker’s perspective.
One stop shop for Android and iOS security resources for security and development teams.
Learn how Instructure increased their pen test results by 8x with the Bugcrowd Flex Bounty.
We join two of the Barracuda security team members to talk about the evolution of their program from its inception in 2010 to its current state on the Bugcrowd platform.
State-of-the-art security programs have been turning to bug bounties to leverage a vast array of skill-sets and knowledge for years. Organizations like Google, Facebook and Mozilla utilize crowdsourced security testing with great results, and now smaller companies are following suit, oftentimes using intermediaries like Bugcrowd to manage their own programs.
Join Wade Billings (Instructure) and Jonathan Cran (Bugcrowd) as they share some of the key takeaways from Instructure's Bug Bounty program on Bugcrowd.
Learn about the security job gap, and how Bugcrowd helps close that gap with crowdsourced security programs.
We have the pleasure every day of working with some of the most innovative companies in the world. By listening and iterating on feedback from them, we’re working hard to develop industry-changing products and services. See what our customers have to say.
Learn how crowdsourcing your security results increases coverage and uncovers more complex vulns while meeting your compliance requirements.
How you can get started with an easy first step to better security measures.
Bugcrowd CEO, Casey Ellis, and VP of Operations, Jonathan Cran, discuss some misconceptions of bug bounty programs, and how you can be successful in running one.