Bug bounties recognised in infosec qualifications

Bug bounties are now being viewed as contributing to the CISSP information security accreditation, with an Australian startup leading the way in the new practice.

The International Information Systems Certification Consortium ((ISC)²) has recognised the contribution that bug bounties can have in building security professionals' qualifications, accepting Aussie startup Bugcrowd 's bounties as a means to fulfill Certified Information Systems Security Professional (CISSP) accreditation requirements.

According to Bugcrowd co-founder and CEO Casey Ellis, it is the first time a crowdsourced model has been accepted as a means to recognise a security professionals' abilities.

"This announcement is another validation that our fast-growing security testing community is being recognised for rapid, high-quality, professional security work," he said.

Wim Remes, an (ISC)² board member, threw his support behind Bugcrowd as part of the announcement.

"I'm convinced that the combination of educational opportunities for skilled professionals, and Bugcrowd's commitment to providing a high-quality and secure testing environment for their clients, will yield benefits for all involved," Remes said.

WhiteHat security founder and CTO Jeremiah Grossman also said the announcement showed that Bugcrowd was about more than simply providing security professionals with monetary rewards, and that it benefited everyone involved.

"Just about any organisation with web-facing applications may benefit from offering a bug bounty program. Bugcrowd makes deploying such programs easy and accessible to businesses of any shape and size," he said.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All