Lessons learned from running 95 bug bounty programs
by Mirko Zorz - Editor in Chief - Wednesday, 3 September 2014.
Large companies such as Google and Facebook have dedicated teams that review bug submissions, verify valid bugs and reward security researchers, but that can be time and cost-prohibitive for most companies. Bugcrowd is making sure that every company can leverage the power of crowdsourced security.
In this podcast recorded at Black Hat USA 2014, Casey Ellis, Founder and CEO of Bugcrowd, talks about the lessons they've learned after running 95 bug bounty programs as well as the different types of researchers that take part in their programs.
Press the play button below to listen to the podcast:
Posted on 21 October 2014. | Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach.
Posted on 15 October 2014. | Lynis unearths vulnerabilities, configuration errors, and provides tips for system hardening. It is written in shell script, installation is not required and can be performed with a privileged or non-privileged account.
Posted on 14 October 2014. | Enabling employees and contractors to bring their own devices to work has become a way of life for many organizations. Many understand that traditional perimeter security defenses are not effective at identifying attacks on mobile devices.
Posted on 13 October 2104. | Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.