Private, Public, or Hybrid? Finding the Right Fit in a Bug Bounty Program
10/5/2017How can a bug bounty not be a bug bounty? There are several reasons. Here's why you need to understand the differences.
Post a Comment
Author
Profile of Jason Haddix
Head of Trust & Security, Bugcrowd Member Since: 12/15/2016Author
News & Commentary Posts: 2
Comments: 0
Jason is the head of trust and security at Bugcrowd. Jason works with clients and security researchers to create high value, sustainable, and impactful bug bounty programs. He also works with Bugcrowd to improve the security industry's relations with researchers. Jason's interests and areas of expertise include mobile penetration testing, black box Web application auditing, network/infrastructural security assessments, and static analysis. Before joining Bugcrowd, Jason was the director of penetration testing for HP Fortify, and also held the #1 rank on the Bugcrowd leaderboard for 2014.
Articles by Jason Haddix
How can a bug bounty not be a bug bounty? There are several reasons. Here's why you need to understand the differences.
Post a Comment
The Bug Bounty Model: 21 Years & Counting
12/29/2016A look back on the beginnings of crowdsourced vulnerability assessment and how its robust history is paving the way for the future.
Post a Comment
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
![[Strategic Security Report] Navigating the Threat Intelligence Maze](https://dsimg.ubm-us.net/asset/393933/543593/DR_ThreatConnect_Report.png)
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-11375
PUBLISHED: 2018-05-22
PUBLISHED: 2018-05-22
PUBLISHED: 2018-05-22
PUBLISHED: 2018-05-22
PUBLISHED: 2018-05-22
From DHS/US-CERT's National Vulnerability Database CVE-2018-11375
PUBLISHED: 2018-05-22
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
CVE-2018-11376PUBLISHED: 2018-05-22
The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.
CVE-2018-11377PUBLISHED: 2018-05-22
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
CVE-2018-11378PUBLISHED: 2018-05-22
The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.
CVE-2018-11379PUBLISHED: 2018-05-22
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This