Bugcrowd has had a busy summer. Recently, the bug-bounty company partnered with HP to launch the first-ever bug bounty program for printers, with rewards of up to $10,000 for discovered vulnerabilities.
Bugcrowd also recently announced Disclose.io, an open-sourced project to standardize best practices for providing a safe harbor for security researchers within bug bounty and vulnerability disclosure programs (VDPs).
The project, launched with Amit Elazari, a University of California, Berkeley doctoral candidate, enables organizations to protect both themselves and researchers submitting to their bug bounty and vulnerability disclosure programs by incorporating explicit safe harbor language outlining specific authorization, with clear scope.
Threatpost talked to Casey Ellis, Bugcrowd founder and CTO, about big trends in bug-bounty programs – including vulnerability disclosure issues, growing bounties around IoT and connected cars, and more.