vulnerability-disclosure

22 Feb
Establishing asset ownership in vulnerability reporting

The thing I see people get wrong most frequently in vulnerability reporting is being able to answer the question of ownership and "where to report my findings." Here are some practical tips for establishing ownership and thereby identifying the appropriate coordinator to contact.
3 min read
20 Feb
Modes of Public Vulnerability Disclosure

A proposed taxonomy... Discovery, Documentation, Distribution.
3 min read
10 Feb
A thought re vulnerability research clustering

The fact that insecure software pipelines are exploitable feels a little like the idea that bugs exist in old F/OSS code, or that a chip design might not be 100% perfect. It's almost QED - but in the defensive realm, people weren't looking there.
3 min read
06 Oct
Cyber Talk Episode 14 w/ Pratik Dabhi

Cyber Talk EP14 - Casey Ellis talks about entrepreneurship, motivation, cybersecurity & @Bugcrowd
15 min read
01 Oct
Iowa launches vulnerability disclosure program for election-related sites

The State of Iowa has partnered with Bugcrowd to launch a vulnerability disclosure program on election infrastructure.
1 min read
29 Sep
Information Asymmetry and the 1950s Nuclear Bounty

Props to Matt Ploessel for calling out this one... I'd not heard of a bounty around nuclear weapons until today.
3 min read
29 Sep
Are you making a Walkman? Or an iPod?

When the Walkman was introduced, it created a category. Its brand also became the term of description for that category.
3 min read
28 Sep
NIST SP 800-53 R5 adds Vulnerability Disclosure Programs

NIST SP 800-53 Revision 5 is yet another step towards the legitimization of the Internet’s Immune System. Everyone who has worked on legitimizing the work of good-faith hackers for the past 30 years or more can feel encouraged by this release.
4 min read
11 Sep
Techcrunch: Use ‘productive paranoia’ to build cybersecurity culture at your startup

At TechCrunch Early Stage, we asked Casey Ellis, founder, chairman and chief technology officer at Bugcrowd, to share his ideas for how startups can improve their security posture.
6 min read
27 Aug
Public Comment from Casey Ellis, Bugcrowd re DRAFT BOD 20-01

Dear Director Krebs and CISA/DHS team, Thank you for the opportunity to comment on this Binding Operational Directive...
6 min read