Home / Companies / Bugcrowd / Blog / September 2018

September 2018 Summaries

12 posts from Bugcrowd

Filter
Month: Year:
Post Summaries Back to Blog
As the Head of Cyber Security & Emerging Threats at PureVPN, Umer Awan emphasizes the importance of security being a default setting, with his primary responsibility being to protect the privacy, security, and anonymity of over 3 million users. With the increasing complexity of multiple platforms, devices, and protocols, PureVPN has partnered with Bugcrowd's massive community of 90,000+ researchers and ethical hackers to hunt down bugs and vulnerabilities. The company aims to scale its security measures further through this partnership, leveraging the collective power of the crowd to quickly identify issues and push internal resources to fix them, ultimately setting new benchmarks in the VPN industry.
Sep 27, 2018 428 words in the original blog post.
Building in security testing as part of continuous integration is becoming increasingly essential for DevOps teams, enabling informed decisions about feature architecture and design with security requirements in mind. Effective communication between security and development teams is critical to share actionable information such as vulnerability CVSS scores and reproduction steps, facilitating quick patch implementation. However, integrating security into the existing workflow poses challenges due to differences in skill sets, business priorities, and risk assessment. To overcome these hurdles, managed bug bounty programs with APIs and turn-key integrations can streamline vulnerability data into the development workflow, allowing developers to fix vulnerabilities quickly while maintaining code velocity.
Sep 26, 2018 390 words in the original blog post.
As the fall season begins, the author reflects on individuals who think differently and achieve greatness through unconventional approaches, drawing inspiration from Bugcrowd's cybersecurity approach that combines art and science. Sonam Wangchuk, an engineer and educator in Ladakh, India, is a notable example of innovative problem-solving; he created "Ice Stupas" to store water and irrigate crops, leveraging principles of fluid-dynamics and human creativity to address climate change challenges. This ingenious invention not only helped the local community but also earned Wangchuk the Rolex Award for Enterprise in 2016. The author sees parallels between Wangchuk's approach and Bugcrowd's crowdsourced security model, which leverages human intelligence at scale to combat malicious motives by harnessing the creativity of good-faith hackers to uncover vulnerabilities in code.
Sep 25, 2018 752 words in the original blog post.
This blog was written by Stu Hirst, Head Of Security Engineering, Photobox Group, reflecting on his experience with the bug bounty model since 2015 when he ran a successful Bugcrowd program that yielded 149 vulnerabilities. At Photobox, they have a dedicated Application Security Team and Security Champions who assist in finding and fixing vulnerabilities, and they value the submissions from researchers as paramount to improving their security posture. They turned to Bugcrowd to streamline their process, leveraging its platform for managing relationships with researchers, prioritizing fixes using Vulnerability Rating Taxonomy, and developing an ongoing program of bug reward. Their first step is to manage Responsible Disclosure via a vulnerability disclosure program, and in 2019, they plan to establish a full bug program with cash and points rewards through Bugcrowd, showcasing their commitment to responsible disclosure and collaboration with the researcher community.
Sep 24, 2018 493 words in the original blog post.
The White House has released its National Cybersecurity Strategy, which emphasizes crowdsourced security as a key solution to address the growing threat of cyber attacks on the US government and private sector. The strategy promotes regular testing and exercising of cybersecurity and resilience during development using best practices from forward-leaning industries, including coordinated vulnerability disclosure and crowd-sourced testing. The US government recognizes its enormous attack surface and resource shortage in cybersecurity, and is adopting more creative approaches to solving these problems. The release comes after the House Homeland Security Committee advanced bipartisan bills that would force the Department of Homeland Security to initiate a crowdsourced security approach through bug bounty programs and vulnerability disclosure. The strategy also highlights the importance of risk management, innovation, and collaboration with the global community of white hat hackers.
Sep 21, 2018 681 words in the original blog post.
This blog was written by Zowie Langdon, CTO of Blockport and originally appeared on the Blockport blog` Blockport has launched a 'responsible disclosure program' to improve security on its platform, in partnership with Bugcrowd. This program allows security researchers worldwide to discreetly notify the team of bugs or potential vulnerabilities they've discovered, while incentivizing users to participate by rewarding them with points for testing and reporting security issues. The program aims to increase overall awareness around cyber-security issues amongst cryptocurrency exchanges and promote a sense of responsibility among users, exchanges, and the industry as a whole. By doing so, Blockport hopes to emphasize safety measures in the cryptocurrency space, promoting accountability, transparency, and credibility.
Sep 20, 2018 662 words in the original blog post.
PlanetHoster's mission is to provide the latest technologies and technical expertise in an all-in-one premium web hosting platform, serving over 60,000 customers with a HybridCloud infrastructure hosting more than 100,000 websites. The company prioritizes customer safety and security, launching a private bug bounty program through Bugcrowd to maximize protection. After two minutes of launch, researchers began submitting valid vulnerabilities, providing instant feedback that proved beneficial. PlanetHoster leverages Bugcrowd's expertise in managing the bug bounty program, receiving immediate notice of vulnerabilities and remediation advice to fix them. The partnership with Bugcrowd provides additional security support, lifting a burden off PlanetHoster's shoulders and allowing them to focus on premium services.
Sep 19, 2018 406 words in the original blog post.
The threat landscape for enterprises has become increasingly complex, with the global average cost of a data breach rising to $3.86 million in recent years. Enterprises are struggling to keep pace with the growing number and complexity of threats, despite allocating more resources to cybersecurity. The traditional approach to security is no longer sufficient, and new models such as crowdsourced security and managed bug bounty programs are being explored to strengthen product security and cultivate a mutually rewarding relationship with the security researcher community. These programs offer organizations the ability to tap into a large pool of skilled testers and increase the odds of finding critical vulnerabilities, providing 24/7 human testing coverage and incentivizing a diverse community of researchers.
Sep 19, 2018 382 words in the original blog post.
The Bugcrowd team designed and built a badge for DEF CON 26, with five challenges that required participants to use various skills such as cryptography, programming, and problem-solving. The first challenge involved noticing an anagram on the badge, while the second challenge required connecting to the badge via serial and solving a puzzle related to the movie WarGames. The third challenge involved deciphering a message encoded in an image using the programming language Piet, while the fourth challenge required decoding a book cipher using George Orwell's novel 1984. The final challenge led participants to a pool party where they could deliver their team's contact information and individual Shamir shards for verification, with prizes given out as koalas. The team is looking forward to starting early brainstorming work on next year's badge, which they hope will involve more hacking skills.
Sep 17, 2018 1,127 words in the original blog post.
The Vulnerability Rating Taxonomy (VRT) 1.5 release incorporates insights from the broader security community, with updates reflecting changes in the application threat landscape and the end of life for Flash. The updated VRT includes improved transparency, increased granularity, and revised severity ratings to better reflect market trends. The VRT is a living document that continues to evolve through open sourcing and collaboration with customers and experts. The update will be implemented into the Crowdcontrol platform by September 27th, prompting users to review their program briefs for any necessary adjustments.
Sep 13, 2018 437 words in the original blog post.
Bugcrowd has announced its August 2018 Hall of Fame winners for three leaderboards, recognizing the hard work of its Researchers across various programs. The top performers on each leaderboard earned significant points and bonuses, with the highest earners receiving $1,250, $750, and $500 respectively. Bugcrowd's top Researchers submitted high-severity bugs that resulted in critical security impacts, earning them bigger rewards and potentially faster invitations to private bounty programs. The company thanks its Researchers for their contributions and looks forward to announcing the September Hall of Fame results.
Sep 13, 2018 329 words in the original blog post.
This blog post originally appeared on Casey’s Medium blog. Six years ago today, Casey Hewitt got off a plane with notes and ideas after meeting with pen-testing customers in Melbourne about bug bounty programs. The conversations and ideas coalesced into the concept of Bugcrowd, which was born when Casey registered the @bugcrowd Twitter handle and domain, invited hackers to sign up, ran a proof-of-concept bounty, brought on a Co-founder, and started running programs for customers and charities less than three months later. The team, customers, crowd, and competitors have collectively achieved the acceptance of crowdsourced security, which has irreversibly changed how the Internet defends itself.
Sep 04, 2018 213 words in the original blog post.