Bugcrowd
About Us
Founded: 2012
Company Size: 51-200 employees
Company Type: Private
Location: San Francisco
Website:
Managed crowdsourced security programs for companies of all sizes, with a community of over 44,000 security researchers & white-hat hackers.
Promoted Content
State of Bug Bounty
Submission Data Updates
In the course of doing data validation in the final quarter of 2017, Bugcrowd engineers identified areas where submission data was not correctly updating. Because we value transparency, we have outlined the resolved changes below:
Announcing our ISO 27001 Certification
We hit a big milestone for Bugcrowd today. We are excited to announce we're ISO 27001 certified!
Today We Recognize Our 2017 MVP Researchers!
2017 was a fantastic year of growth for our researcher community and program owners alike, with 32% more submissions rewarded, a 25% increase to the average reward and 61% more total rewarded submissions! In 2017, 145 Researchers qualified into MVP status, and earned close to 44% of our 2017 total payouts, with a rewarded submission total of over $3 million!
Why Ethics Matter in Bug Bounties
In 2017 we saw more data breaches, phishing scams, ransomware, and state-sponsored attacks than ever before. And while each one was damaging in its own right and continues to shape cybersecurity, one breach in particular stood out: the Uber breach. Not necessarily for the impact or the type of breach, but for what happened afterwards.
Setting the Bar High for Bug Bounty Triage and Validation
Running a bug bounty program on your own is difficult. Imagine receiving hundreds of vulnerability submissions weekly, many of them unimportant, and many of them duplicates of known vulnerabilities. Once you weed through those submissions, you'll have to respond if needed, prioritize impact, and determine what it's worth. Then you'll have to file a ticket to make sure it gets fixed and the most fun part of all, pay the researcher, which as you can imagine, may get tricky.
NIST: Vulnerability Disclosure as a Requirement for Every Organization
Earlier this month, the National Institute of Standards and Technology’s (NIST) cybersecurity framework released a revision (1.1, Draft 2) of its Framework for Improving Critical Infrastructure Cybersecurity. The new release now includes vulnerability disclosure processes as part of the Framework Core (on page 43).
Why more government agencies should run Bug Bounties and VDP
If you’re reading this article, statistically speaking your organization might be getting hacked. Data breaches of U.S. government networks, once novel, have become pervasive over the past year. Take it from the Office of Personnel Management (OPM) or the IRS – no one is safe anymore. In the private sector, the Equifax hack and Intel’s processor vulnerabilities have taken mainstream media by storm. The question needs to be asked: are we doing enough to protect ou ...
Bugcrowd: The next frontier of cybersecurity
My career has taken me on an incredible journey. From being a commissioned officer in the Navy and serving in Operations Enduring and Iraqi Freedom, to Apple to the Pentagon, I’ve spent the better part of my life following and homing in on my passion. That’s what brings me here, to Bugcrowd.
2018 Predictions: It Takes a Crowd
At the end of 2017 we asked our researcher community what changes they predicted for the bug bounty space in the year to come.
Spectre & Meltdown: Quick Fact Sheet
Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, Google’s Project Zero has provided exploits that work against real software.
Highlights of our recent webinar '2017 Predictions: 3 Experts Give Discuss Security Challenges for the Coming Year' https://blog.bugcrowd.com/2017-security-expert-predictions
