Home / Companies / Bugcrowd / Blog / December 2019

December 2019 Summaries

6 posts from Bugcrowd

Filter
Month: Year:
Post Summaries Back to Blog
We are excited to announce our November 2019 Hall of Fame winners, including Private user in first place with 660 points, hateshape in second place with 590 points, and todayisnew in third place with 505. We thank all top performers by awarding bonuses ranging from $3,000 for the leader to $1,000 for the third-place winner. The company values its partnership with users who contribute to making their programs successful, and invites others to submit high-severity bugs to earn kudos points. Huge thanks are extended to all contributors, and the company looks forward to December's Hall of Fame results.
Dec 19, 2019 156 words in the original blog post.
Bugcrowd is introducing two new features: in-platform Coordinated Disclosure and CrowdStream. The former allows researchers to request disclosure of resolved vulnerabilities directly with program owners, while the latter provides a running feed of accepted submissions and public disclosures on programs that have it enabled. This facilitates easier information sharing between security practitioners and researchers, enabling them to take preventative measures and learn from each other's mistakes.
Dec 16, 2019 817 words in the original blog post.
As we enter the final month of 2020, the cybersecurity landscape is expected to evolve rapidly in response to accelerating technology adoption and connectedness. The 2020 elections will drive a significant increase in demand for vendors and governments to demonstrate accountability for data protection, with a focus on vulnerability disclosure programs. Cybersecurity threats will also target container misconfiguration, network hygiene, and breakouts in containers, emphasizing the importance of knowing one's attack surface and prioritizing assets. As technology advances and bad actors innovate, the cat-and-mouse game between security defenders and attackers will escalate, requiring individuals to stay vigilant and prioritize their cybersecurity efforts.
Dec 12, 2019 719 words in the original blog post.
As we enter the 2020s, businesses will face significant cyber threats that are unknown and unpredictable, requiring a proactive hacker-minded approach to protect against them. IoT device testing will become easier but may not necessarily lead to more secure devices, as new vulnerabilities will emerge with the technology's growth. Crowdsourced security will gain prominence, attracting new talent and creating innovative ways to leverage the crowd, leading to an increase in vulnerability submissions and payouts. Proactive organizations will be able to find and patch vulnerabilities before they're exploited, making them less vulnerable to breaches, ultimately contributing to a more secure internet.
Dec 10, 2019 1,007 words in the original blog post.
The Bugcrowd platform has released a new metric called Priority Percentiles, which measures researchers' bug hunting impact by comparing their submissions across all programs and showing how they rank against other researchers. This new metric replaces the Average Severity metric, allowing researchers to display their bug hunting abilities in a more holistic way. The qualifications for private program invites have also been simplified, requiring only four submissions on the platform, greater than 50% accuracy in the last 90 days, and one valid P1 - P3 submission in the same time period. The new metric will be rolled out with additional features, including a 90-day version of Priority Percentiles and the inclusion of Bugcrowd collaboration feature submissions in researcher stats.
Dec 04, 2019 517 words in the original blog post.
Bugcrowd has partnered with IBM Resilient to enhance its security and vulnerability management capabilities, enabling organizations to extract, share, and apply valuable insights across their software development lifecycle. The bi-directional integration allows new vulnerabilities found by Bugcrowd to be exported to Resilient for remediation or contextual awareness, and vice versa, streamlining the process of patching vulnerabilities and identifying connected issues that may have a greater impact over time. This collaboration aims to improve rapid and reliable handoffs between security and development teams, reducing security overhead and helping development teams fix faster.
Dec 02, 2019 244 words in the original blog post.