Post Fri Mar 29, 2013 10:21 am

[Article]-Interview: Bugcrowd Founders on Herding Ninjas for Crowdsourced Bug Bounties

Jason Haddix is back with a great interview with great guys doing a great project. Can I say great one more time?

Check it out. If you've got the talent and have been looking for some extra money or another item for the resume, this is for you.





Love it or hate it, crowdsourcing is here to stay. While it’s been mostly confined to development and design, eventually it was going to come to security. Two such gentlemen trying to pioneer the space are Casey Ellis and Sergei Belokamen. Being long-time hackers and having seen how the security space works, they decided to start Bugcrowd. Here’s a description directly from the source:

“Bugcrowd is by far the most comprehensive and cost-effective way to secure websites and mobile apps. We’ll do a brief consultation and help you set the budget, the duration, and which websites or apps you’d like our curated crowd of researchers to test. The Bugcrowd researchers get to work finding security flaws in your applications. All testing can be routed through Bugcrowd’s crowd-control system, providing control and accountability. Any bugs are submitted to our Secure Operations Centre as soon as they are found. We validate the flaws and, at the end of the bounty, reward the first researcher to find each unique flaw. We provide you with an easy to understand report for you to hand to your developers… We can even recommend partners to help you fix what we find!”

Join me as I interview them both about their new venture and uncover some interesting information about security testing on a massive scale, as well as how to start. For example, if you are a tester looking to participate, it couldn’t be easier. Fill out the “Ninja” form and create an online profile (public or private) in which you provide Bugcrowd with your PayPal email address. Then you wait until you receive an email message announcing a new bounty… and it looks a little something like this…



Join, discuss, share prior experience with Bugcrowd...

Don
CISSP, MCSE, CSTA, Security+ SME