Many organisations consider the Certified Information Systems Security Professional (CISSP) qualification essential for prospective security personnel. To maintain the certification, members need to continue their professional activities, and now they can do so by bug hunting.
Any legitimate bug that is found via Bugcrowd bounty hunters is eligible unless, alas, it is one that attracts a payment. But, hey, I guess you can’t have it both ways, can you?
Here is the press release –
Crowdsourced security startup Bugcrowd today announced testers participating in its bug bounty programs will for the first time be able to earn professional development credits recognised by the International Information Systems Certification Consortium (ISC)2® for its CISSP® accreditation.
“To our knowledge, this is the first time security professionals have been able to build their professional qualifications while helping to identify and report security issues in a crowdsourced security community,” said Casey Ellis, Bugcrowd’s co-founder and CEO.
“Bug bounties are used by brands such as Google, Facebook and PayPal to uncover security flaws in their systems, but bug bounties are impossible for companies without the audience reach of these large brands, because they can’t recruit the testers they need.”
In a bug bounty program, testers compete with each other to be the first to identify security flaws in a web application, the kind of issues that result in the loss of sensitive customer and business information, such as credit card details and logins.
“This announcement is another validation that our fast-growing security testing community is being recognised for rapid, high-quality, professional security work,” Ellis said.
“Bugcrowd has a novel approach to the problem of recruiting security testers,” said Wim Remes, (ISC)2® board member.
“I’m excited to see security professionals getting engaged in Bugcrowd campaigns for a wide range of customers. I’m convinced that the combination of educational opportunities for skilled professionals and Bugcrowd’s commitment to providing a high-quality and secure testing environment for their clients will yield benefits for all involved,” Remes said.
Jeremiah Grossman, founder and CTO of industry-leading web security firm WhiteHat Security, said he was confident Bugcrowd could leverage CISSP® accreditation to continue growing and exciting security testers in the community.
“Just about any organisation with web-facing applications may benefit from offering a bug bounty program. Bugcrowd makes deploying such programs easy and accessible to businesses of any shape and size. The CISSP® accreditation enables Bugcrowd to reward the security testers above and beyond just money,” Grossman said.