Earlier today we held the First Annual Buggy Awards hosted by our CEO and Founder Casey Ellis, our Director of Customer Success Abby Mulligan, and our Sr. Director of Researcher Operations Kymberlee Price. The aim of these awards was to honor the top bug hunters and companies running bounty programs in 2015. These two groups of people are essential to our company's success and are advancing the bug bounty and vulnerability disclosure space.
For the awards given to our top public bounty programs, we recognized two companies who are truly committed to the Bugcrowd researcher community and running a great bounty program.
The first award recognizes the public bug bounty program with the fastest response time. This award represents a customer who is truly on top of their program and communication with the researchers submitting bugs.
Runners Up:
Congrats to Fitbit for winning our 2016 Buggy Award for Top Program, Best Response Time
Since launching in September, they have accepted 70 submissions with a median time from triage to acceptance of less than one day.
In a survey of our active 2015 crowd members, we asked what their favorite program was and “Why?” Some of the reasons given included good and fair reward payouts, understanding communication, interesting targets, open scope, and a favorable disclosure policy.
Congrats to Tesla Motors for winning our 2016 Buggy Award for Top Program, Researchers’ Choice
For those of you who aren’t familiar with the Tesla bug bounty program, it kicked off in the middle of last year, and today includes their web applications and all devices including the cars. Their program has received over 1200 submissions and had the second-highest payout in 2015. You can view their program brief here.
For the awards given to our top bug hunters, we recognized three individuals based on vulnerability submission data.
This award went to the researcher with the highest Kudos points on Disclosure Only programs. This award is important because programs like ISC2, a not-for-profit security education and certification company, are extremely devoted to security but don’t offer cash bounties.
How do Kudos Points work? Each researcher that submits a vulnerability through Bugcrowd receives Kudos Points weighted by the severity of the submission – a Critical “P1” vulnerability earns 40 points, a Low severity just 5 points. You can read more about issue severity in Bugcrowd’s Vulnerability Rating Taxonomy. This is important to understand as we start talking about the accomplishments of our finalists in this category.
Congratulations to Vishnu_Vardhan_Reddy for winning our Buggy Award for Top Bug Hunter, Responsible Disclosure Champion.
Vishnu_Vardhan_Reddy started working on disclosure-only programs to develop the performance history to get private program invitations. He achieved that goal with a number of P1 and P2 submissions in 2015. He earned 535 points on disclosure-only programs in 2015, delivering multiple high severity vulnerability reports to Bugcrowd programs.
These researchers have gone above and beyond in submitting the highest quality bugs the most consistently in 2015, providing tremendous insights, feedback and value to organizations. So many hours have gone into the critical vulnerabilities over the past year – 1,029 were submitted across the entire Crowd. Today we’ll honor the three researchers who found the most of those P1s.
Congratulations to Nahamsec for winning our Buggy Award for Top Bug Hunter, Most P1’s.
Nahamsec is a US-based researcher and university student who has been active with the Crowd since early 2014 and is ranked 9th in the Crowd overall. He delivered 14 critical vulnerabilities in 2015, helping multiple Bugcrowd customers to secure their web, mobile, and IoT applications.
This award was given to the hacker demonstrating excellence in submitting high severity bugs, high volume of bugs, AND having a high rate of accuracy. The minimum criteria for this category are: acceptance rate greater than 95%, an average priority better than 3.0 and an invalid rate less than 10%.
Congratulations to Harie_cool for winning our Buggy Award for Top Bug Hunter, MVH.
Harie_cool is currently in 6th place in the crowd, is based in India, and has been with Bugcrowd since 2014. He submitted 90 valid submissions in 2015 with an average priority of 2.8.
While we only recognized a handful of people who delivered awesome work in 2015, we’d also like to thank the community as a whole for an awesome 2015, and for going above and beyond in 2016 so far. The year is young, but we’ve already seen some amazing research and can’t wait to see what the rest of the year brings to celebrate at our Second Annual Buggy Awards next year.