Security Researchers Join Forces in World's Largest Live "Bug Bash"

Friday, December 20, 2013

InfosecIsland News


Facebook, Google, Evernote, Yahoo, Etsy among the companies that joined with software security experts in the World's Largest Security Bug Hunt, Hosted by Bugcrowd

For three nights, security researchers from 30 countries joined forces to hunt down security issues in software that powers the Internet and some of the world's most commonly used applications.

Hosted by Bugcrowd, a provider of bug bounty services, the "Bug Bash" was the biggest event of its kind, garnering support from Facebook and the OWASP organization as sponsoring partners. The event was held at AppSec USA, OWASP's annual North American conference, which was held in NYC, Nov. 18-21.  

Global technology companies showed support at the event. Several companies including Facebook, Avast, and Yandex even increased their bounty offerings in conjunction with the Bug Bash to encourage global participation. Additionally, representatives from Facebook, Google, Etsy, Yandex and Prezi were onsite each night to help direct researchers and show support for their respective programs.


  • Three days: live at OWASP AppSec USA 2013 and online at (Nov. 18 - 20).
  • 100 local participants joined together into teams of 4-5 to identify issues.
  • 324 submissions reported by AppSec attendees and Bugcrowd's 4600 global security researchers.
  • 49 validated vulnerabilities. 36 of those were reported in only two vendors.
  • An estimated $15,000 - $20,000 USD in vulnerability rewards identified and distributed during the event.
  • Participation and support from Facebook, Google, Evernote, Yahoo, Etsy, Prezi,, LaunchKey, Avast, Yandex.

Complete results, including ranking of company by vulnerabilities:

Bug bounties are gaining in popularity. Well-known Internet companies are now paying rewards between$100- $30,000 for identifying security flaws, depending on the severity of the issue. Researchers around the globe are collaborating and competing to identify security issues that affect consumers' privacy and security.

"This was a wonderful showcase for the OWASP community," said Tom Brennan, Co-Organizer, AppSec USA. "Locally, it demonstrated what can happen when software security professionals can do when they are in the same room together. Globally, it was a reminder that there are no physical or temporal limit to the passion our community has for securing applications."

"AppSec USA 2013 helped us reach an important new milestone," said Casey Ellis, CEO, Bugcrowd. "Doing the bug bounty live in a physical location in addition to the traditional online component created an exciting new dimension that we hope to incorporate into future campaigns."

Bugcrowd estimated the earnings of security researchers participating in the event to be between$15,000 and $20,000 USD.

Established in 2004, AppSec USA is the marquee North American conference from the OWASP Foundation Inc., a global, non-profit community focused on improving software security. Now in its ninth year, the event featured four days of exclusive research, panels, keynotes, master classes, career fair, an expo, special competitions, parties, and fun networking opportunities.

SOURCE: OWASP Foundation

Possibly Related Articles:
conference AppSec USA
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.