IOActive and Bugcrowd Combine Forces to Extend Security Service Offerings

Strategic partnership provides Global 1000 customers with more options to reduce risk and identify security gaps. Infosecurity Europe – Olympia, London, June 4, 2019 – IOActive, Inc., the worldwide leader in research-fueled security services, toda…

Why bug bounty firms want to be penetration testing companies

A popular form of crowdsourcing might have a problem with the size of its crowd. Most of the high-value digital security vulnerabilities reported to bug-bounty programs are found by just a fraction of the freelance researchers who participate in those contests, recent reports show, suggesting that there are not enough skilled bounty hunters to handle the available work. The trend has big implications for an industry that has come to expect regular growth over the past half-decade. For the companies, it means their customers — corporations such as Fiat Chrysler, LinkedIn, Starbucks and others — are paying to hear about lots of low-severity bugs while more critical problems potentially remain undiscovered. The latest numbers come from the 2019 Hacker Report by HackerOne, one of the leading bug bounty platforms along with Bugcrowd and Synack. Seventy-two percent of the hackers polled by HackerOne said they preferred to probe for vulnerabilities in websites. Compare that to the 3.5 percent who […]

The post Why bug bounty firms want to be penetration testing companies appeared first on CyberScoop.


90% of companies interested in crowdsourced security programs

The evolving threat landscape and perennial cybersecurity challenges are giving rise to community-based programs such as crowdsourced cybersecurity, an important evolution that’s fast becoming a foundational element of any organization’s cybersecurity …

Norsk Hydro cyber attack: What happened?

“Hydro subject to cyber-attack,” warned Oslo-headquartered Norsk Hydro ASA, one of the world’s biggest aluminum producers, on Tuesday. “Hydro has isolated all plants and operations and is switching to manual operations and procedures …

Password manager report gets researcher booted from Bugcrowd

The author of newly published research that examines flaws in password managers has been kicked off Bugcrowd, a popular vulnerability-reporting platform, after one of the companies named in the research reported the author for violating Bugcrowd’s terms of service. Bugcrowd shut down Adrian Bednarek’s account after he violated the company’s rules on “unauthorized disclosure” by telling a reporter about a vulnerability in LastPass, a password management service. The vulnerability is an old bug that another researcher had already reported but that hadn’t been fixed. According to a disclosure timeline he shared with CyberScoop, Bednarek found himself banned from Bugcrowd on Feb. 12, a day after he said he spoke with The Washington Post for a report that his consulting company, Independent Security Evaluators (ISE), ultimately published Tuesday. Bednarek had reported the vulnerability to Bugcrowd on Jan. 19. After being told it was a duplicate, he raised concerns that the bug still hadn’t been […]

The post Password manager report gets researcher booted from Bugcrowd appeared first on CyberScoop.


Pentagon Expands Bug-Bounty Program to Include Physical Systems

The news comes shortly after the DoD was called out for having rampant bugs in its weapons systems.

WhiteHat Security broadens application security testing portfolio with Bugcrowd partnership

WhiteHat Security announced a partnership with Bugcrowd to broaden the WhiteHat Sentinel application security testing portfolio with vulnerability testing. The partnership will deliver an application security testing solution to organizations around th…

The Vulnerability Disclosure Process: Still Broken

Despite the advent of bug bounty programs and enlightened vendors, researchers still complain of abuse, threats and lawsuits.