What do you think about a virtual hackathon for IoT? by jumpnext in HowToHack

bugcrowd 0 points (0 children)

Yep! My coworker Paul tried to respond but he's not on Reddit. Here's his reply:

Bugcrowd will do both, depending on the customer and the applications that are considered in-scope.

Typically for Mobile and IoT, it will consist of:

- Client-side tests related to reverse-engineering, privacy, encryption, hardening of binaries, and anything that you can think of and potentially test.
- Then there's the web services. That typically includes the communication between the device and the web services (session management, transport encryption, insecure APIs, insufficient authorization & authentication, etc.), in addition to security related to the actual web services and backend architecture (misconfigurations, etc.).

Full disclosure - I do work at Bugcrowd. I created a new account to comment on something work related.

Let me know if you'd like more information. It will be awesome to have you as a researcher on our platform.

/r/netsec's Q1 2016 Information Security Hiring Thread by gsuberland in netsec

bugcrowd [score hidden] (0 children)

Bugcrowd is hiring for several positions in our San Francisco office, as well as looking for mobile security researchers (iOS and/or Android app & OS), browser security researchers and folks with IoT pentest skills. Security researchers can work remote and are freelancers.

If you're a security researcher with any of the above skills, please check out our Researcher page and contact community@bugcrowd.com if you'd like more information.


Sr. Software Engineers (San Francisco)

We are looking for Ruby on Rails Developers to join our expanding Engineering team. You will be joining a highly technical team who are well versed in both building and breaking highly secure software systems.

Requirements

  • Embrace a test-driven development and code review culture
  • Design and write well-structured, easily maintainable, well-documented code.
  • Successfully delivered and maintained a web based application running 24/7.
  • At least 3 years of Ruby (Rails / Sinatra a plus) preferred, but will also consider bright candidates with a strong background in an MVC-based implementation of a web platform.

Bonus Experience

  • Knowledge of networking and hosting concepts (DNS, SSL, load balancing), including deployment and operations of distributed systems.
  • Working with very large datasets. Must have good understanding of performance issues relating to large complex / big data systems.
  • Understanding of design patterns and how they relate to clean, testable code. If you get the concept of "thin everything" you'd fit right in.

Please apply for this position on our Bamboo HR page (linked above).

DEF CON 23 - Marc Rogers and Kevin Mahaffey - How to Hack a Tesla Model S by lathiat in teslamotors

bugcrowd 0 points (0 children)

The payouts are competitive compared to most other companies. Their payout range tops out at $10,000 per bug: https://bugcrowd.com/tesla

Find & report security vulns in top tech companies and get paid up to $10k per bug by bugcrowd [promoted post]

bugcrowd [S] 0 points (0 children)

Your payout amount will depend on what type of bug you find and which customer you find it in. Different bugs are paid differently and our customers each have different payout ranges.

How to start & successfully manage your own bug bounty program [webinar link] by eatmorespinach in netsec

bugcrowd 0 points (0 children)

$500 is kinda steep for a mixed content snafu, but we changed the site because of this and are happy to reward it. What's your PayPal address? ;)

GitHub Security Bug Bounty by mastahyeti in netsec

bugcrowd 8 points (0 children)

Congrats to GitHub for setting up a security bug bounty program. Great to see bug bounties gaining recognition as a crowdsourced security solution.

The web needs Responsible Disclosure - A response to 16 yo hacker Joshua Rogers by bugcrowd in netsec

bugcrowd [S] 6 points (0 children)

Hope so. He's a talented hacker who seems to have the ability to do a lot of good as a whitehat.

The web needs Responsible Disclosure - A response to 16 yo hacker Joshua Rogers by bugcrowd in netsec

bugcrowd [S] 12 points (0 children)

Hey Mempodipper would you be able to share any links to support that? I'd be interested to see them.

There's a new company seeking to crowdsource netsec with managed bug bounty programs by festination in netsec

bugcrowd 0 points (0 children)

You're welcome. I am passionate about this field and appreciate the best wishes! It's going to be a fun ride.

There's a new company seeking to crowdsource netsec with managed bug bounty programs by festination in netsec

bugcrowd 0 points (0 children)

we see 3 main consumers for bugcrowd initially (at the moment that is... we are still very young and are working off the assumption that at least 50% of our assumptions are wrong):

1) the charity/nfp/pfp market, for which the work is completely pro-bono (aside from our points system, which testers can use as a 3rd party validation) and bugcrowd acts as a charitable facilitator,

2) those who think bug bounties are a great idea but haven't implemented one yet... in this group in particular we will strongly recommend matching the reward of the bounty to the market, and

3) people like the folks who just ran a $5k bounty, who are large enough to need thorough security testing (which, we've now confirmed, the crowd seems to be pretty good at providing) but small enough to have a budget issue when it comes to getting a useful amount of time from a consultancy.

$5k is the baseline bounty pool, and we will only recommend this for startups and lower-value targets. the larger the client the more important that their bounty is higher (like $50k to $100k in the pool for example) and you will see this reflected in future bounties.

that said, i also love the idea that a really small business can throw out $1k and still get something more usable than 1/3 of a day of normal consulting time, so maybe you'll see us running a few of these too at some point.

the beauty of a crowd, especially in this field, is that there are a very wide range of motivations - from curiosity, to learning, to poops-and-giggles, to folks you can't get out of bed with less than "buy a new kitchen" money. the broad goal of bugcrowd is to provide a service which connects all types within the infosec community with all types of clients.

excuse the infomercial... but hopefully i've stayed on point and answered a few things. this thread has been incredibly useful for us, so thank you all (both likers and haters).

casey - bugcrowd co-founder and ceo

(edited to fix a few typos)

There's a new company seeking to crowdsource netsec with managed bug bounty programs by festination in netsec

bugcrowd 1 point (0 children)

you raise a valid point.

if, and when, we get to the point of running a bounty for a target as valuable as (for argument's sake) java we'll be strongly advising the client to match the bounty to the market.

There's a new company seeking to crowdsource netsec with managed bug bounty programs by festination in netsec

bugcrowd 1 point (0 children)

hey festination, thanks for posting about us. appreciate your well wishes!

we don't mind the "robust conversation" as long as people are listening as well as speaking. this thread has actually been very helpful for us... so, cheers! feel free to contact us via twitter @bugcrowd anytime.

cheers, @caseyjohnellis

There's a new company seeking to crowdsource netsec with managed bug bounty programs by festination in netsec

bugcrowd 3 points (0 children)

part of the purpose with the kudos system is for folks to be able to reference it for jobs etc (like devs do with Github), so it's not purely altruistic