tag
#vulnerability-disclosure
Vulnerability value modifiers
There are a few globally and truly external modifiers to the marketplace-defined value of a vulnerability.…
My DEF CON/Vegas moves
It has been an amazing week so far, but as we drop from “suite and wingtips” mode to “hoodie and sneakers” mode I’d…
7 Years and counting…
In 2012, Bugcrowd set out to create a radical cybersecurity advantage and level the playing field between attackers and defenders. As one of the…
My moves during the RSAC/BSides SF circus
Quick post re where I’ll be speaking and attending while the infosec/cyberz are in town for RSA Conference and B-Sides: ps…
Happy 6th Birthday @bugcrowd
6 years ago today I got off a plane armed with a bunch of notes. I’d spent a week meeting with pen-testing…
Thoughts on the vault7 CIA/Wikileaks disclosures
Wikileaks’ release of thousands of confidential CIA documents today is yet another demonstration of our just how vulnerable the cybersecurity domain is. Unless we…
On the U.S. Government and bug bounties
My favorite thing about going to conferences is establishing the underlying trends behind the questions I’m asked. We’re only half-way through…
3 years, 20,000 Security Researchers & 200 Clients later...
2012 was the year that almost every industry, banking, education, government, big tech and even security, was hacked. Many, if not all of these…
disclose.io — Driving safety, simplicity, and standardization in vulnerability disclosure.
disclose.io is a collaborative and vendor-agnostic project to standardize best practices around safe harbour for good-faith security research. The project expands…
Bugcrowd — the Premier Crowdsourced Cybersecurity platform.
Bugcrowd is the premiere crowdsourced security platform. More enterprise organizations trust Bugcrowd’s Crowdcontrol platform to manage their bug bounty, vulnerability disclosure, and next-…
Why the Smb Is Most at Risk from ms12-010
There’s a lot of hubbub going around about the recent vulnerability from Microsoft. It’s called MS12-020 and it affects the Remote…
Rdpcheck Checks Your Network for the New Rdp Vulnerability
We’ve created a tool at RDPCheck to help you test your exposure to an attack from the outside on Microsoft’s recent MS12-…