Blog

  • Case Study: How Intel is Challenging the Norms of Bug Bounty Retesting

    Date: August 16, 2024 Author: Chris Holt, Intel Bug Bounty Program Manager Background Bug Bounty programs are structured to take reports from external security researchers, route them to product and development teams for mitigation, and then offer rewards for verified findings. Standard program operations only leverage development team’s time to test the mitigation and confirmContinue…

  • Announcing the Bug Bounty Framework: Demystifying Bug Bounty Programs

    Date: May 4, 2021 Our Bug Bounty Community of Interest (BB COI) has been hard at work this year discussing the challenging problems many Bug Bounty programs (BBP) face, potentially including Vulnerability Disclosure Programs (VDP). Throughout our conversations and research, we noticed that there is little comprehensive guidance covering the Bug Bounty space. In anContinue…

  • Effective Communication Goes a Long Way

    In response to: The Hackers’ Viewpoint: Exploring Challenges and Benefits of Bug-Bounty Programs Bug Bounties have been a mainstay in many security programs, though they do suffer growing pains from time to time. The Hackers’ Viewpoint: Exploring Challenges and Benefits of Bug-Bounty Programs uses a qualitative approach to assess Bug Hunters’ views on Bug BountyContinue…

  • Call a Duck a Duck, not a Bug Bounty

    In response to: https://www.darkreading.com/vulnerabilities—threats/vulnerability-disclosure-programs-see-signups-and-payouts-surge/d/d-id/1338989  While we’re happy that crowdsourced security programs are attracting positive media attention, it’s important to point out that a Vulnerability Disclosure Program (VDP) isn’t a bug bounty, and a bug bounty isn’t a VDP. Both allow for coordinated disclosure between companies and researchers, but there are some stark differences between theContinue…

  • The Imperative of Inclusion

    The social tide has been turning to become more inclusive for decades, but still we hold onto remnants of the past. Many of the terms used in the security technology ecosystem are inherently exclusive and support a culture that has historically created hurdles and limits for diverse people. With the unprecedented events of 2020, individualsContinue…