Latest news with #Bugcrowd
Yahoo
07-05-2025
- Business
- Yahoo
Bugcrowd Joins AWS ISV Accelerate Program
Strategic Alliance Expands Bugcrowd's Go-to-Market Strategies, Leveraging AWS Network to Deliver Crowdsourced Security Globally DUBAI, May 7, 2025 /PRNewswire/ -- Bugcrowd, a leader in crowdsourced cybersecurity, announced today that it has joined the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners that provides software solutions that run on or integrate with AWS. The program helps AWS Partners drive new business by directly connecting participating ISVs with the AWS Sales organization. Through participation in the AWS ISV Accelerate Program, the Bugcrowd Platform is now available for AWS on-the-ground sales team. Bugcrowd (PRNewsfoto/Bugcrowd) The Bugcrowd Platform delivers managed bug bounty, vulnerability disclosure programs, penetration testing as a service, red teaming, and AI safety testing, all powered by "The Crowd," Bugcrowd's global community of ethical hackers and pentesters. By integrating with AWS, Bugcrowd will empower new customers to identify and mitigate critical vulnerabilities within their cloud environments. This integration allows the AWS sales team to offer their customers a powerful, proactive security solution, ensuring robust protection against evolving cyber threats. "We're thrilled to join the AWS ISV Accelerate Program and bring the Bugcrowd Platform more directly to AWS customers," said Paul Ciesielski, Chief Revenue Officer, Bugcrowd." This collaboration allows us to directly connect with AWS field sellers, expanding our reach and helping more organizations proactively address their security needs. By simplifying the procurement process and providing seamless integration, we're making it easier for AWS customers to leverage the collective expertise of our global hacker community. Ultimately, partnering with AWS reinforces our commitment to delivering industry-leading capabilities to as many users as possible." Joining the AWS ISV Accelerate Program streamlines the procurement process for AWS customers, granting them simplified access to Bugcrowd's cutting-edge security capabilities. The AWS ISV Accelerate Program provides Bugcrowd with co-sell support and benefits to meet customer needs through collaboration with AWS on-the-ground sales team globally. Co-selling provides better customer outcomes and assures mutual commitment from AWS and its partners. This collaboration creates significant growth opportunities for Bugcrowd to leverage the extensive network and resources from AWS to deliver unparalleled security services, drive optimal customer outcomes, and align with strategic VARs.
BBC News
28-04-2025
- Entertainment
- BBC News
What is bug hunting and why is it changing?
Few technology careers offer the chance to demonstrate your skills in exclusive venues worldwide, from luxury hotels to Las Vegas e-sports arenas, peers cheering you on as your name moves up the leaderboard and your earnings rack that's what Brandyn Murtagh experienced within his first year as a bug bounty Murtagh got into gaming and building computers at 10 or 11-years-old and always knew "I wanted to be a hacker or work in security".He began working in a security operations centre at 16, and moved into penetration testing at 20, a job that also involved testing the security of clients' physical and computer security: "I had to forge false identities and break into places and then hack. Quite fun."But in the past year he has became a full-time bug hunter and independent security researcher, meaning he scours organizations' computer infrastructure for security vulnerabilities. And he hasn't looked back. Internet browser pioneer Netscape is regarded as the first technology company to offer a cash "bounty" to security researchers or hackers for uncovering flaws or vulnerabilities in its products, back in the platforms like Bugcrowd and HackerOne in the US, and Intigriti in Europe, emerged to connect hackers and organizations that wanted their software and systems tested for security Bugcrowd founder Casey Ellis explains, while hacking is a "morally agnostic skill set", bug hunters do have to operate within the like Bugcrowd bring more discipline to the bug-hunting process, allowing companies to set the "scope" of what systems they want hackers to target. And they operate those live hackathons where top bug hunters compete and collaborate "hammering" systems, showing off their skills and potentially earning big payoff for companies using platforms like Bugcrowd is also clear. Andre Bastert, global product manager AXIS OS, at Swedish network camera and surveillance equipment firm Axis Communications, said that with 24 million lines of code in its device operating system, vulnerabilities are inevitable. "We realized it's always good to have a second set of eyes."Platforms like Bugcrowd mean "you can use hackers as a force for good," he says. Since opening its bug bounty programme, Axis has uncovered – and patched - as many as 30 vulnerabilities, says Mr Bastert, including one "we deem very severe". The hacker responsible received a $25,000 (£19,300) reward. So, it can be lucrative work. Bugcrowd's top earning hacker over the last year earned over $ while there are millions of hackers registered on the key platforms, Inti De Ceukelaire, chief hacking officer at Intigriti, says the number hunting on a daily or weekly basis is "tens of thousands." The elite tier, who are invited to the flagship live events will be smaller Murtagh says: "A good month would look like a couple of critical vulnerabilities found, a couple of highs, a lot of mediums. Some good pay days in an ideal situation." But he adds, "It doesn't always happen." Yet with the explosion of AI, bug hunters have whole new attack surfaces to Ellis says organizations are racing to gain a competitive advantage with the technology. And this typically has a security impact."In general, if you implement a new technology quickly and competitively, you're not thinking as much about what might go wrong." In addition, he says, AI is not just powerful but "designed to be used by anyone".Dr Katie Paxton-Fear, a security researcher and cybersecurity lecturer at Manchester Metropolitan University, points out that AI is the first technology to explode onto the scene with the formal bug hunting community already in it has levelled the playing field for hackers, says Mr De Ceukelaire. Hackers – both ethical and not – can exploit the technology to speed up and automate their own operations. This ranges from conducting reconnaissance to identify vulnerable systems, to analysing code for flaws or suggesting possible passwords to break into modern AI systems' reliance on large language models also means language skills and manipulation are an important part of the hacker tool kit, Mr De Ceukelaire says he has drawn on classic police interrogation techniques to befuddle chatbots and get them to "crack".Mr Murtagh describes using such social engineering techniques on chatbots for retailers: "I would try and make the chatbot cause a request or even trigger itself to give me another user's order or another user's data." But these systems are also vulnerable to more "traditional" web app techniques, he says. "I have had some success in an attack called cross site scripting, where you can essentially trick the chatbot into rendering a malicious payload that can cause all kinds of security implications."But the threat doesn't stop there. Dr Paxton-Fear says an over-focus on chatbots and large language models can distract from the broader interconnectedness of AI powered systems."If you get a vulnerability in one system, where does that eventually appear in every other system it connects to? Where are we seeing that link between them? That's where I would be looking for these kinds of flaws."Dr Paxton-Fear adds that there hasn't been a major AI-related data breach yet, but "I think it's just a matter of time".In the meantime, the burgeoning AI industry needs to be sure it embraces bug hunters and security researchers, she says. "The fact that some companies don't makes it so much harder for us to do our job of just keeping the world safe."That is unlikely to put off the bug hunters in the meantime. As Mr De Ceukelaire says: "Once a hacker, always a hacker."
Techday NZ
28-04-2025
- Business
- Techday NZ
Bugcrowd unveils red team service for cyber defence
Bugcrowd has introduced a crowdsourced Red Team as a Service (RTaaS) solution designed to provide scalable, intelligence-led adversarial testing for organisations preparing for modern cyber threats and zero day attacks. The new service connects organisations with a global pool of vetted ethical hackers to deliver a range of managed red team engagements, orchestrated through the Bugcrowd Platform. Bugcrowd aims to set a new standard in the red team services sector by enabling customers to test their security measures using current adversarial tactics, techniques, and procedures. RTaaS integrates with Bugcrowd's current offerings, such as Penetration Testing as a Service, Managed Bug Bounty, and Vulnerability Disclosure Programs, allowing customers to select services according to specific operational requirements, available budget, and organisational readiness. T hrough the company's international community of trusted ethical hackers, organisations are able to secure specialised expertise and scale their red team operations as needed. Dave Gerry, Chief Executive Officer of Bugcrowd, said: "Traditionally, red teaming was only possible for large organizations that could either afford the services of security consultants or had a sizable security workforce to manage the workload alongside daily operations—and even then, findings were too often not actionable. Bugcrowd's industry-first offensive crowdsourced RTaaS bridges this critical security gap, opening the door for our customers to access high-end capabilities that deliver crucial insights into their defensive posture—continuously." "Bugcrowd was founded on the bug bounty hunter mindset, an objective that aligns perfectly with Red Team operators. This launch is a significant milestone for Bugcrowd as it brings a pioneering solution to life. We are excited to see the power of The Crowd in action in RTaaS and enhance our customers' always-on approach to security testing." The persistent nature of sophisticated cybercrime campaigns has led to rising costs associated with breaches. As enterprise IT environments increase in complexity, organisations are recognising the need to take proactive steps to counteract advanced threats. While penetration testing and bug bounty schemes remain important methods for finding vulnerabilities, Bugcrowd's RTaaS is designed to boost organisational resilience by simulating attacks based on real-world scenarios, testing detection and response mechanisms, and revealing weaknesses that might not be detected by traditional assessment methods. Key capabilities of Bugcrowd's RTaaS include threat intelligence alignment with realistic scenarios, integration of risk profiling, and simulations modelled on real-life attack methodologies. Operators engaging in the RTaaS programme are selected from a global network based on their expertise in advanced tactics relevant to different customer environments and threat profiles. The service provides comprehensive reporting, including visual attack chains and narratives mapping findings to root causes and existing security controls. RTaaS is designed to be scalable and flexible, offering organisations the choice of assured, blended, or continuous red team engagements to address various levels of budget, compliance needs, and security maturity. Pricing options available through the platform include day-rate engagements, reward pools, and continuous programmes, aiming to provide a high return on investment for organisations with varying requirements. Bugcrowd's approach with RTaaS is to allow more organisations, regardless of size, to benefit from red team expertise that was once only accessible by larger enterprises. The service is available now to all Bugcrowd Platform customers.
