Home / Companies / Bugcrowd / Blog / February 2019

February 2019 Summaries

14 posts from Bugcrowd

Filter
Month: Year:
Post Summaries Back to Blog
The Bugcrowd Buggy Awards recognize individuals and organizations that have made significant contributions to the crowdsourced security space, including top-performing customers and researchers. The awards are divided into several categories, including Top Program Awards, Best Communication, Top Bug Hunter Awards, Community Champion, Ambassador Champion, P1 Warrior, Rookie of the Year, and Most Valuable Hacker. These awards acknowledge excellence in bounty program management, researcher engagement, and individual contributions to the security community.
Feb 28, 2019 725 words in the original blog post.
The healthcare industry is facing growing cybersecurity threats, with various attacks such as Conficker, WannaCry, and Petya causing significant damage to hospitals and healthcare systems. The threat landscape continues to evolve with new attack vectors emerging due to digitization, data growth, and increased technology adoption in healthcare. Cybersecurity measures are crucial for operational resiliency, but traditional security assessment methods often fall short of uncovering critical vulnerabilities. Crowdsourced cybersecurity is becoming an essential element of any organization's cybersecurity program, offering a solution to healthcare IT teams looking to mitigate risks and protect patient data. Employing crowdsourced security programs can help organizations uncover 7X more critical vulnerabilities than traditional methods, providing a much-needed solution for the growing threat landscape in healthcare.
Feb 25, 2019 679 words in the original blog post.
Bugcrowd was founded with a mission to make the digitally-connected world a safer place, helping organizations level the cybersecurity playing field by tapping into the collective creativity of its Crowd. Recognized as one of Fast Company's top 10 security industry leaders in 2019, Bugcrowd offers a competitive advantage through new tools and a team that aligns on this thinking. The company has successfully built a culture where people appreciate creativity, and has launched initiatives such as Bugcrowd University and LevelUp to improve application security training and community engagement. Bugcrowd also spearheaded Disclose.io, a project to standardize best practices for security researchers within bug bounty programs. By providing vulnerability remediation advice and helping developers successfully patch bugs, the company's holistic approach to crowdsourced security has been proven to enhance outcomes for customers and improve the security of the internet.
Feb 21, 2019 467 words in the original blog post.
Surfacing high-value, critical vulnerabilities is the #1 biggest attractor for organizations considering crowdsourced security, according to the 2019 Bugcrowd CISO survey. However, the lack of integration between application security tools and application development tools is a significant barrier to addressing these findings in a consistent and reliable fashion. To address this, Bugcrowd has integrated its Crowdcontrol platform with various business process tools, including project management, ticketing, messaging, and workflow tools, to facilitate efficient exchanges between Security, Risk, and Development teams. The integration with GitHub allows customers to push validated vulnerabilities to code cycles and link them across platforms, streamlining the handoff between Security and Development and enabling faster patching of critical vulnerabilities.
Feb 20, 2019 342 words in the original blog post.
Bugcrowd has announced that it will only be paying rewards for the top 3 places on its P1 P2 Paid Program Leaderboard, starting from January 2019. The reward amounts remain unchanged, with $3000 for first place, $2000 for second place, and $1000 for third place. This change is intended to reallocate funds to invest in new incentive programs and offer more researchers the opportunity to be rewarded. The organization has recognized top performers in January, including a private user who took first place with 280 points, and will continue to award bonuses to these individuals. Bugcrowd encourages researchers to submit high-severity bugs, as this can result in bigger rewards and faster invitations to private bounty programs. The company appreciates the hard work of its researchers and looks forward to announcing the February Hall of Fame results.
Feb 19, 2019 313 words in the original blog post.
Alyssa, a Bugcrowd Ambassador, started hacking in middle school due to frustration with school systems monitoring her online activity. She initially pursued unethical hacking but later discovered the ethical bug bounty community and began researching platforms like Google's bug bounty program. Alyssa now works full-time on bug bounties, managing her personal life and using tools such as Burp suite and Aqua tone to aid in her work. She recommends starting with reading disclosed bug reports and practicing capture the flag challenges for beginners. Bug bounties have improved Alyssa's life by providing a career and allowing her to meet other hackers worldwide. In her free time, she enjoys playing video games, learning Danish, and drawing.
Feb 15, 2019 600 words in the original blog post.
The author of the text, a Bugcrowd employee, shares their enthusiasm for the concept of "Outhacking them all" and its connection to leadership principles inspired by Captain Michael Abrashoff's book "It's Your Ship". The author highlights key takeaways from the book, including seeing things through the crew's eyes, prioritizing focus, taking responsibility as leaders, trusting team members, and fostering a culture of playfulness. These principles are applied in a business context to emphasize the importance of creativity, collaboration, and trust in achieving success.
Feb 14, 2019 879 words in the original blog post.
Zilliqa is a public blockchain that has implemented a sharded smart contract architecture, enabling new ways of interacting and trading on its platform. The blockchain's decentralized nature emphasizes the importance of community involvement in securing its assets. Zilliqa invites users to participate in testing and securing its primary publicly facing assets through a bug bounty program with rewards ranging from $150 to $5000. This initiative aims to foster a collaborative environment that protects customers and makes the digital world safer.
Feb 08, 2019 247 words in the original blog post.
The private sector is increasingly vulnerable to cyber attacks, with high-profile breaches such as the Equifax hack and Intel's processor vulnerabilities making headlines. Governments are taking steps to protect their assets, including establishing bug bounty programs like the Swiss Government's new program, which encourages good faith hackers to test its electronic voting system. The Pentagon's "Hack the Pentagon" program has been successful in driving positive change in this direction, and other governments are following suit. To support these efforts, organizations can learn from government-led crowdsourced security initiatives and speak with experts who have experience in running such programs.
Feb 08, 2019 387 words in the original blog post.
This blog first appeared on Daniel Miessler blog. There is a never-ending debate about the language around threat modeling, with most presentations muddling and conflating these terms in unclear ways. Threats are negative events that can lead to undesired outcomes, such as damage to or loss of assets, and can be caused by vulnerabilities in systems. Common threats include data breaches, natural disasters, and administrative errors. Threat actors are the individuals or entities initiating the scenario, often humans, but not always, as natural elements like floods and earthquakes can also cause significant damage. Vulnerabilities are weaknesses in the system that make threats possible, while risks are the combination of probability and impact of a negative event occurring, essentially a chance of something bad happening combined with its severity. Understanding the difference between these terms is crucial for effective threat modeling and risk management.
Feb 07, 2019 675 words in the original blog post.
Dinesh V., one of the top white hat hackers in India, has been actively participating in bug bounty programs on Bugcrowd for 6 years. He started his journey into cybersecurity by watching hacking movies and learning about hacking techniques through online resources. Dinesh's experience in bug bounty hunting has enhanced his ability to secure systems and allowed him to utilize his developer skills on the backend without fear of exploitation. With a background in Ruby On Rails, he is skilled in finding bugs in web applications, particularly those using ROR. Dinesh manages his personal life, work, and bug bounties by dedicating time to developing and bug hunting outside of office hours. He shares valuable insights on tools such as sublist3r and reverse Whois lookup, which aid in subdomain enumeration and identifying out-of-scope domains. As a seasoned hacker, Dinesh advises beginners to learn programming languages deeply to increase their chances of finding unique vulnerabilities. Through his involvement in bug bounty programs, Dinesh has not only secured systems but also taken care of his family's expenses during his studies. In his free time, he enjoys speed motorcycle riding, which helps him relax and clear his mind.
Feb 07, 2019 730 words in the original blog post.
We are excited to announce new incentive programs for our researcher community, which will recognize and reward their achievements throughout the year. The P1 Warriors program will stack badges on researcher profiles, quarterly blog callouts, and swag, with rewards increasing as researchers achieve more valid P1 priority vulnerabilities. The Bounty Slayers program offers a challenge with submission requirements and potential rewards of up to $2,500 for maintaining 10 valid submissions each quarter. We are also making tweaks to existing programs, including the MVP and Hall of Fame programs, which will now only reward winners on the P1 P2 leaderboard. These changes aim to encourage more researchers to participate and celebrate their achievements on our platform.
Feb 05, 2019 1,217 words in the original blog post.
Cyber criminals are constantly finding new ways to break into websites, putting personal information at risk. Businesses like SEEK have implemented a Vulnerability Disclosure Program to protect customer data, which has evolved over the years and now includes a Bug Bounty Program that offers monetary rewards for security vulnerabilities reported by top researchers from around the world. The program has been successful so far, with hundreds of valid vulnerabilities reported and over $100,000 USD in rewards given out. Now, the company is taking its program public, allowing anyone to sign up and start testing their websites, as part of a broader effort to ensure the security of their online services.
Feb 04, 2019 383 words in the original blog post.
Bugcrowd's MVP program recognizes consistent and high-quality contributions from its researchers, with 122 Researchers qualifying for MVP status in 2018, earning over $3.5 million in rewards. The 2018 program saw a significant increase in submissions, with 32% more rewarded, and a 25% increase to the average reward. To qualify, researchers must maintain an average submission acceptance rate of at least 80%, submit at least 10 qualifying non-duplicate submissions, and meet other criteria. The program is designed to recognize excellence among its crowd, with yearly qualification open to all researchers. In 2018, 26% of researchers received their third MVP award, while 48% received it for the first time. Bugcrowd will review the program annually, making changes to better recognize researcher work, including increasing the qualifying submission threshold and moving to a quarterly incentive structure.
Feb 01, 2019 408 words in the original blog post.