Security Researchers Join Forces in World's Largest Live "Bug Bash" at OWASP AppSec USA 2013

Facebook, Google, Evernote, Yahoo, Etsy among the companies that joined with software security experts in the World's Largest Security Bug Hunt, Hosted by Bugcrowd

NEW YORK, Dec. 20, 2013 /PRNewswire-USNewswire/ -- For three nights, security researchers from 30 countries joined forces to hunt down security issues in software that powers the Internet and some of the world's most commonly used applications.

(Logo: http://photos.prnewswire.com/prnh/20130924/DC85794LOGO)

Hosted by Bugcrowd (www.bugcrowd.com), the leading provider of bug bounty services, the "Bug Bash" was the biggest event of its kind, garnering support from Facebook and the OWASP organization as sponsoring partners. The event was held at AppSec USA (www.appsecusa.org), OWASP's annual North American conference, which was held in NYC, Nov. 18-21.  

Global technology companies showed support at the event. Several companies including Facebook, Avast, and Yandex even increased their bounty offerings in conjunction with the Bug Bash to encourage global participation. Additionally, representatives from Facebook, Google, Etsy, Yandex and Prezi were onsite each night to help direct researchers and show support for their respective programs.

Statistics:

• Three days: live at OWASP AppSec USA 2013 and online at Bugcrowd.com (Nov. 18 - 20).
• 100 local participants joined together into teams of 4-5 to identify issues.
• 324 submissions reported by AppSec attendees and Bugcrowd's 4600 global security researchers.
• 49 validated vulnerabilities. 36 of those were reported in only two vendors.
• An estimated $15,000 - $20,000 USD in vulnerability rewards identified and distributed during the event.
• Participation and support from Facebook, Google, Evernote, Yahoo, Etsy, Prezi, Tagged.com, LaunchKey, Avast, Yandex.

Complete results, including ranking of company by vulnerabilities: https://bugcrowd.com/bugbash

Bug bounties are gaining in popularity. Well-known Internet companies are now paying rewards between $100- $30,000 for identifying security flaws, depending on the severity of the issue. Researchers around the globe are collaborating and competing to identify security issues that affect consumers' privacy and security.

"This was a wonderful showcase for the OWASP community," said Tom Brennan, Co-Organizer, AppSec USA. "Locally, it demonstrated what can happen when software security professionals can do when they are in the same room together. Globally, it was a reminder that there are no physical or temporal limit to the passion our community has for securing applications."

"AppSec USA 2013 helped us reach an important new milestone," said Casey Ellis, CEO, Bugcrowd. "Doing the bug bounty live in a physical location in addition to the traditional online component created an exciting new dimension that we hope to incorporate into future campaigns."

Bugcrowd estimated the earnings of security researchers participating in the event to be between $15,000 and $20,000 USD.

Established in 2004, AppSec USA is the marquee North American conference from the OWASP Foundation Inc., a global, non-profit community focused on improving software security. Now in its ninth year, the event featured four days of exclusive research, panels, keynotes, master classes, career fair, an expo, special competitions, parties, and fun networking opportunities.

MEDIA CONTACT:
Bill Lessard
PRwithBrains for AppSec USA 
[email protected]

SOURCE OWASP Foundation