-
Announcing the Bug Bounty Framework: Demystifying Bug Bounty Programs
Date: May 4, 2021 Our Bug Bounty Community of Interest (BB COI) has been hard at work this year discussing the challenging problems many Bug Bounty programs (BBP) face, potentially including Vulnerability Disclosure Programs (VDP). Throughout our conversations and research, we noticed that there is little comprehensive guidance covering the Bug Bounty space. In anContinue…
-
Effective Communication Goes a Long Way
In response to: The Hackers’ Viewpoint: Exploring Challenges and Benefits of Bug-Bounty Programs Bug Bounties have been a mainstay in many security programs, though they do suffer growing pains from time to time. The Hackers’ Viewpoint: Exploring Challenges and Benefits of Bug-Bounty Programs uses a qualitative approach to assess Bug Hunters’ views on Bug BountyContinue…
-
Call a Duck a Duck, not a Bug Bounty
In response to: https://www.darkreading.com/vulnerabilities—threats/vulnerability-disclosure-programs-see-signups-and-payouts-surge/d/d-id/1338989 While we’re happy that crowdsourced security programs are attracting positive media attention, it’s important to point out that a Vulnerability Disclosure Program (VDP) isn’t a bug bounty, and a bug bounty isn’t a VDP. Both allow for coordinated disclosure between companies and researchers, but there are some stark differences between theContinue…
-
The Imperative of Inclusion
The social tide has been turning to become more inclusive for decades, but still we hold onto remnants of the past. Many of the terms used in the security technology ecosystem are inherently exclusive and support a culture that has historically created hurdles and limits for diverse people. With the unprecedented events of 2020, individualsContinue…
