November 2019 Summaries
9 posts from Bugcrowd
Filter
Month:
Year:
Post Summaries
Back to Blog
Today, Bugcrowd is excited to start a new chapter of recognition and friendly competition with the launch of new leaderboards and achievement badges on the platform! The company has introduced three new achievements: Submission Shogun for valid submissions, Collaboration Crusader for accepted submissions with collaborating researchers, and Bounty Bee for programs with valid submissions. Researchers can earn levels and badge icons will change as they progress through these achievements. Additionally, collaboration is now recognized and rewarded, with a focus on team work and personal goal setting within the community.
Nov 26, 2019
379 words in the original blog post.
Google has announced a $1 million bug bounty reward for hackers who can carry out a full chain remote code execution exploit on the Titan M secure chip in Pixel devices, with an additional 50% bonus if the hack is done on a developer preview version of Android. This move aims to attract more skilled hackers to identify vulnerabilities and improve device security, as the skills required are rare and often sold to offensive buyers or used for personal gain. The increased incentive also encourages whitehat hackers to help companies like Google, rather than leaving users vulnerable, as tech giants compete to match the effort of finding bugs, creating a more secure product.
Nov 25, 2019
328 words in the original blog post.
Binance is launching a new bug bounty bonus program in collaboration with Bugcrowd to enhance its security system, offering rewards for identifying vulnerabilities. The program multiplies payouts for consecutive vulnerability reports between November 22, 2019 and December 22, 2019, with additional bonuses for multiple reports made within the same month. Researchers can earn up to $10,000 in rewards based on the technical severity of their reported vulnerabilities, with the top three researchers ranked by bounty amounts receiving exclusive prizes including BNB tokens and a Binance hoodie. This program builds upon Binance's existing bug bounty program, which has already identified over 80 vulnerabilities and improved the security of its platform through crowd-sourced efforts.
Nov 22, 2019
547 words in the original blog post.
Bugcrowd has launched Attack Surface Management (ASM), a risk-based solution that enables organizations to identify and prioritize unknown digital assets targeted by attackers. ASM combines human ingenuity with insights from crowdsourced security testing programs to help customers find and connect un-prioritized assets. The platform's flagship solution, Asset Risk, has been joined by the new addition of Asset Inventory, which provides continual discovery, inventory, alerting, and management controls for every organization's internet-facing asset map. Asset Inventory uses technology fingerprinting to catalog all IT encountered via technology fingerprinting, providing more insight and context around uncovered assets, and also enables "smart folder" creation and alerting to quickly categorize and flag high-risk asset-related events.
Nov 20, 2019
648 words in the original blog post.
Bugcrowd launched its first "Proof of Concept" bug bounty in 2015, offering a $500 USD reward pool and recognition as a leader in the bug bounty space. The platform has since grown to become one of the largest crowdsourced security platforms, with hundreds of thousands of hackers on board, over 1200 programs run, and more than 300,000 vulnerabilities submitted. Bugcrowd's latest product, Attack Surface Management, leverages the creativity and power of the crowd to help organizations think about security at scale. The platform has surpassed $1.6 million in payouts to over 550 hackers last month, with a wide acceptance of crowdsourced security as an essential layer in the security stack.
Nov 19, 2019
306 words in the original blog post.
A software developer with a passion for security transitioned into a career as a pen tester after discovering the world of bug bounties and their communities, which led to landing a job at Bugcrowd as Head of Researcher Enablement.
Nov 18, 2019
463 words in the original blog post.
We are excited to announce our October 2019 Hall of Fame winners, including hateshape with 1110 points in first place, todbot with 530 points in second place, and Private user with 500 points in third place. The top performers have been awarded bonuses ranging from $3,000 for first place to $1,000 for third place. We appreciate all the hard work and value our partnership with these contributors. To encourage high-quality bug submissions, we are now accepting bugs that result in critical security impacts, which will earn more kudos points. Huge thanks go out to all participants for their outstanding contributions, and we look forward to November's Hall of Fame results.
Nov 13, 2019
156 words in the original blog post.
We've hit a milestone, paying out over half a million dollars to hackers in the last week alone. This brings our total October payout to $1.6 million to over 550 hackers, with some individual payouts exceeding $40,000. Our community has grown exponentially over the past five years, with payouts increasing by more than 80% from 2018 to 2019. We've also seen a significant increase in critical findings, including over 300 P1s, and have launched initiatives such as Bugcrowd University to support our growing community of hackers. As we approach the end of the year, we're excited to see what the Crowd will accomplish next.
Nov 08, 2019
288 words in the original blog post.
Bugcrowd has launched Attack Surface Management (ASM), a crowd-powered solution that leverages the creative genius of researchers to help companies identify their unknown attack surface, provide more crowdsourced opportunities, and expand assets under coverage through incentivized testing programs. Researchers play a crucial role in identifying and understanding the unknown, bringing personal recon tools and methods to ASM engagements. The solution provides attribution and prioritization exercises, allowing program owners to understand the relationship between assets and true owners, as well as researchers' perspectives on asset attack-ability. By aggregating this information with anonymized data from Bugcrowd's history, ASM aims to provide a more organic measure of real risk possible, helping organizations redefine security at scale and view risk-based vulnerability management in a new light.
Nov 07, 2019
970 words in the original blog post.