Date: May 4, 2021 Our Bug Bounty Community of Interest (BB COI) has been hard at work this year discussing the challenging problems many Bug Bounty programs (BBP) face, potentially including Vulnerability Disclosure Programs (VDP). Throughout our conversations and research, we noticed that there is little comprehensive guidance covering the Bug Bounty space. In anContinue reading “Announcing the Bug Bounty Framework: Demystifying Bug Bounty Programs”
Category Archives: Blog
Effective Communication Goes a Long Way
In response to: The Hackers’ Viewpoint: Exploring Challenges and Benefits of Bug-Bounty Programs Bug Bounties have been a mainstay in many security programs, though they do suffer growing pains from time to time. The Hackers’ Viewpoint: Exploring Challenges and Benefits of Bug-Bounty Programs uses a qualitative approach to assess Bug Hunters’ views on Bug BountyContinue reading “Effective Communication Goes a Long Way”
Call a Duck a Duck, not a Bug Bounty
In response to: https://www.darkreading.com/vulnerabilities—threats/vulnerability-disclosure-programs-see-signups-and-payouts-surge/d/d-id/1338989 While we’re happy that crowdsourced security programs are attracting positive media attention, it’s important to point out that a Vulnerability Disclosure Program (VDP) isn’t a bug bounty, and a bug bounty isn’t a VDP. Both allow for coordinated disclosure between companies and researchers, but there are some stark differences between theContinue reading “Call a Duck a Duck, not a Bug Bounty”
The Imperative of Inclusion
The social tide has been turning to become more inclusive for decades, but still we hold onto remnants of the past. Many of the terms used in the security technology ecosystem are inherently exclusive and support a culture that has historically created hurdles and limits for diverse people. With the unprecedented events of 2020, individualsContinue reading “The Imperative of Inclusion”
