We are Bugcrowd – Ask Us Anything! Casey Ellis, Kymberlee Price, Jason Haddix – AMA July 28th, 8am PDT
Hi /r/Netsec!
We’ve brought together a few of the leaders from the Bugcrowd team to do an AMA. We’re looking forward to your questions about all things crowdsourced security!
For the AMA we have:
- /u/CaseyJohnEllis / @CaseyJohnEllis – Co-founder and CEO of Bugcrowd. Casey founded Bugcrowd in 2012 in Australia, eventually moving the company to San Francisco, CA in 2014. Through Bugcrowd, Casey has created and helped popularize the bug bounty concept, and brings it to a wide array of companies and industries.
- @Kym_Possible – Senior Director of Researcher Operations at Bugcrowd. Kymberlee has years of experience in security, working at BlackBerry in Incident Response and Microsoft as a Security Program Manager. Make sure to catch her talk next week at Black Hat on August 3rd.
- /u/Jhaddix / @JHaddix – Director of Technical Operations at Bugcrowd. Jason leads the Application Security Engineer team that analyzes & triages vulnerability submissions for Bugcrowd’s customers. Jason has contributed to several InfoSec projects (SecLists), led the OWASP Mobile Security Project, and has experience at Redspin (Lead Penetration Tester) and HP Fortify (Director of Penetration Testing). Jason will also talk at Black Hat next week, and btw his team is hiring.
- /u/QforQ / @SamHouston – Senior Community Manager at Bugcrowd. Sam’s been working with the bug bounty hunter community for the last couple of years, with prior community experience at Electronic Arts, Couchsurfing and others.
We plan to answer questions from 8am – 9:30am PDT July 28th, but will answer more questions throughout the day as we get the chance.
Over the past year we’ve released several studies and resources for the InfoSec community in an effort to bring some more transparency to the industry and share what we’ve learned. In early 2016 we posted the Defensive Vulnerability Pricing model, which answers ‘What’s a bug worth?’ in bug bounties, and in February we released the Vulnerability Rating Taxonomy, which provides a baseline priority rating for vulnerabilities. Lastly, we just recently published the 2nd annual State of Bug Bounty Report, which dives into what kinds of bugs to expect in a bug bounty, and who participates in bounties.
This summer we’ve announced our work with several new customers including OWASP (ZAP, CSRFGuard & Java Sanitizer), Magento, and Fiat Chrysler.
We’ve also announced that network security expert HD Moore has joined Bugcrowd as a strategic advisor. Hear HD on Risky.Biz talking about why he’s turned to thinking there is room for both the penetration testing and bug bounty industries.
We also would like to invite everyone to join us next week at DEFCON in our Day Lounge and stop by our table in the Car Hacking Village.
So without further ado, AMA!
Submitted July 27, 2016 at 03:46PM by QforQ
via reddit http://ift.tt/2a9Omhl