Home / Companies / Bugcrowd / Blog / September 2016

September 2016 Summaries

6 posts from Bugcrowd

Filter
Month: Year:
Post Summaries Back to Blog
The unprecedented growth and adoption of connected devices has created numerous threats for organizations, manufacturers, and consumers, while presenting opportunities for hackers. To effectively hack connected devices through APIs, defenders must possess valuable skillsets, including API testing expertise. The role of defenders has evolved in this domain, with a growing emphasis on API testing and collaboration with the security research community. Fitbit's bug bounty program, which has paid over $30K to researchers, is an example of this evolution, demonstrating the importance of working with security experts to identify vulnerabilities and improve overall security.
Sep 30, 2016 425 words in the original blog post.
The bug bounty community is growing and evolving, with diverse motivations among its members. A recent report aims to provide a better understanding of this group by examining demographics, motivators, and factors that influence their participation in bug bounty programs. The report also includes interviews with community members to offer a personal glimpse into the mind of a hacker. By gaining insight into the bug bounty community, organizations can improve their programs and create engagement with skilled and vibrant security researchers.
Sep 29, 2016 415 words in the original blog post.
The company behind 1Password, AgileBits, is launching a public bug bounty program to reinforce their commitment to product security. The program was built upon their successful private program with Bugcrowd and includes an expanded scope to cover all server-side APIs. Researchers can test the `1Password account signup page`, their own subdomain, or participate in White Box Testing features to directly attack the product. Rewards range from $100 to $25,000, with top researchers capturing a designated flag earning the highest reward. The program is open to both Business and Family accounts, with all signups receiving a free trial period of at least 30 days.
Sep 28, 2016 418 words in the original blog post.
This post discusses the evolution of bug bounties from open contests to more nuanced programs meeting organizational goals and objectives. Organizations run bug bounty programs for various business drivers, including improving security testing, conducting application testing before launch, providing a channel for vulnerability reporting, and showcasing commitment to security through public programs. These programs can be tailored to specific needs, such as on-demand or private programs, and can help organizations optimize their security posture, improve relationships with the security research community, and gain a competitive edge in their industry.
Sep 23, 2016 767 words in the original blog post.
Researchers can stay up-to-date on changes made to bounty programs by subscribing to them and receiving notifications when there are updates, such as changes in rewards or targets in scope. This feature aims to improve transparency, prevent confusion, and encourage long-term loyalty among researchers, who will be informed of any changes through email notifications with a link to view the updated program brief. By providing timely insights into bounty brief changes, researchers can take appropriate action, allowing them to maintain trust between organizations and the researcher community.
Sep 12, 2016 399 words in the original blog post.
Bugcrowd has announced its August 2016 Hall of Fame winners, recognizing top performers zseano, pocallaghan, and wouter for their exceptional bug-hunting skills. These researchers received significant bonuses for their outstanding contributions, with zseano taking the top spot with 390 points and a $2,500 bonus. The Bugcrowd community is encouraged to strive for similar success by submitting high-severity bugs that have critical security impacts, as these are rewarded with the most kudos points. By doing so, researchers can not only earn bigger rewards but also increase their chances of being invited to private bounty programs, which offer exclusive opportunities and faster invite times. The next Hall of Fame results will be announced in September, providing an opportunity for the community to shine again.
Sep 07, 2016 223 words in the original blog post.