Bug Bounty & Agile Pentesting Platform

Bug bounty and the EU Cyber Resilience Act – everything you need to know

The EU Cyber Resilience Act aims to protect Europe from increasingly sophisticated cyber-threats. The first quarter of 2023 has seen significant cybersecurity legislation coming out of the European Union (EU). In early February, we reported on the adoption of the NIS2 Directive – a major EU cybersecurity initiative – and today we’ll focus on another […]


Bug bounty and AI: How machine learning is changing the game for cybersecurity

AI presents some fresh opportunities to the bug bounty industry, but caveats apply. You would be hard-pressed to find anyone in the cybersecurity industry who had not heard of ChatGPT over the past few weeks. Launched by research lab OpenAI as a prototype in November, ChatGPT is an artificial intelligence (AI) chatbot that quickly garnered […]


How policymakers are helping expand the adoption of bug bounty programs

Thanks to lawmakers, 2022 was one of the best years ever for the advancement, validation, and growth of the bug bounty and crowdsourced security industry. As we look back over the cybersecurity developments in 2022, we see a year where bug bounty programs and vulnerability disclosure policies (VDP) were increasingly mandated as part of government […]


Key terms in crowdsourced security

Do you know your bug bounty from your Hybrid Pentest? Cybersecurity moves fast. And if keeping up with the latest emerging threats wasn’t enough, knowing the best way to defend against them can feel just as complicated. When it comes to crowdsourced security, we’ve come a long way since the days of there only being […]


Security is a continuous process. Here’s why your testing process should be too

“Continuous security testing” has recently achieved a top ten spot in the cybersecurity lexicon. At first glance, it appears self-explanatory and very sensible—something like, “An apple a day keeps the doctor away”, right? Well, yes. But what exactly is continuous security testing? How is it different from other cybersecurity approaches, such as penetration tests (pen […]


What is a bug bounty platform? And what are the alternatives? 

Organizations run bug bounty programs as a way to identify and fix vulnerabilities within their systems, assets, and applications. They work by giving ethical hackers permission to test for vulnerabilities and provide a report of what they discover in an effort to reduce their attack surface. Alternative security testing methods include penetration tests and vulnerability […]


U.S. Justice Department will no longer bring charges against good-willed security researchers

There was big news for the crowdsourced ethical hacking community on May 19th this year. The U.S. Department of Justice revised its policy with respect to “ethical” or “good-faith” hackers. It will no longer prosecute them under the Computer Fraud and Abuse Act (CFAA). This is a welcome step forward in the recognition of the […]
