You heard it right, if you can hack into your HP printer you could be awarded a $10,000 reward. As the IoT is set to further explode into mainstream life, security professionals get ready for the impossible challenge of defending connected devices from threats. The largest issue comes for the sheer number of devices that will now be connected to a network; no longer will it just be desktops, phones and...
Read More
We at Bugcrowd, believe crowdsourced security space is evolving rapidly. At Bugcrowd, we have more first-time Program Owners than ever trying out crowdsourced security economics through our Vulnerability Disclosure Programs and hundreds who have transitioned to on-demand and ongoing Bug Bounty Programs. We regularly ask Researchers and Program Owners for feedback on these programs; this feedback shapes our recommendations for what a bug is worth and the Vulnerability Rating Taxonomy and is...
Read More
The bitter truth is, everyone in the world (including you!) is susceptible to cybercriminals. And to no surprise, a security breach has the capacity to debilitate any organization’s reputation. But is it the actual breach or is it how the organization handles the incident that causes permanent damage? We’re diving deep into why ethics are so vital in bug bounty programs and the aftermath of the Uber breach with special guest,...
Read More
Lately, in the news, we've seen a dramatic increase in organizations worldwide using a Bug Bounty model, and there have been some huge results. But what is this program and how does it work? The cybersecurity industry is in a crisis for resources. Organizations hardly have the time or resources to triage and validate incoming vulnerability findings from independent researchers. A managed crowdsourced application security testing approach strengthens a company’s ability...
Read More
Today BugCrowd CEO, Casey Ellis, and founder and attorney at Cipher Law, James Denaro stepped on stage at AppSecUSA 2016 to talk about the logistics and legalities of bug bounties. They talked through some of the most common concerns people have about bug bounties and discussed both ways to address those concerns, as well as implement liability controls. What they really talked about, though, is risk and reward. The increased adoption and accessibility of bug...
Read More
Security researchers recently discovered a new, advanced form of malware that is so sophisticated, it is believed only a nation state could have developed it. Known as “Project Sauron”, the malware went undetected for five years until Kaspersky Labs discovered it in one of their client’s networks last September. Since then, they’ve found it at well over 30 other organizations, including those in Russia, Iran, and Rwanda. The “Project Sauron” malware...
Read More
Apple isn’t the only one offering up a $200,000 reward for severe vulnerabilities on mobile devices. Google followed suit yesterday with the announcement of the Project Zero Prize, and like the Apple Security Bounty, the top payout is $200,000. Announced by Google’s Project Zero research team, the contest began yesterday and is scheduled to run through next March 14. Researchers are invited to find critical bugs in Android, specifically on Nexus...
Read More