2024 Detectify Crowdsource Awards: Meet the Winners
It’s that time of year again! Here at Detectify, we’re excited to celebrate the talent and dedication of our Crowdsource community members with our annual …
Detectify
We paid out over $57,000 in bounties to Detectify Crowdsource hackers for Log4j vulnerabilities over the last month. In the month since its discovery, the Log4j vulnerability was actively exploited by remote access trojans, ransomware, and advanced persistent threats. Many companies still lack the resources to run a rigorous security team that can cope with the Apache Log4j RCE vulnerabilities, and that is where ethical hackers and Crowdsource come in.
Detectify Crowdsource is not like any other bug bounty platform. Instead of hunting for bugs in the systems of a single target, hackers search for vulnerabilities in widely used software that can be automated into tests and scaled to protect thousands of customers globally through Detectify Crowdsource. Each time a unique vulnerability finding is produced in a customer asset, we issue a bounty to the ethical hacker who submitted the vulnerability to us. Ethical hackers on Detectify Crowdsource earn bounties on their portfolio of vulnerabilities for as long as that vulnerability is present in our growing customer base.
Detectify’s approach to crowdsourcing vulnerabilities shone during the height of CVE-2021-44228. Log4j affects technologies everywhere, which played to the strengths of our crowdsourced approach. Soon after we became aware of the widespread impact of Log4j, we mobilized users on our platform by running a special bonus period in December. We got an overwhelming number of submissions from our dedicated hackers. By the end of this period, we had awarded over $57,000 in bounties to our community of ethical hackers.
Thanks to the Crowdsource community, Detectify now scans for Log4j vulnerabilities in a host of technologies including:
We were able to award these bounties through one of our perks: bonus periods. A bonus period is a time-limited event with specific requirements for submissions. A requirement for a bonus bounty could be, for example, finding vulnerabilities in specific products (like Log4j). A single lump-sum payout is given to 0-day submissions and submissions compatible with our open-source web scanner Ugly Duckling. We run bonus periods for many different reasons, but generally it’s in response to something, such as Log4j, that we believe can help our thousands of customers around the planet.
Our members enjoy bonus periods because they allow them to focus on a specific technology or task for a limited time, and they also have a chance to earn big rewards during that time! But that’s not the only benefit they get on Detectify Crowdsource.
Ethical hacking has been at the core of everything we do at Detectify. That’s why we created Detectify Crowdsource, to bring the security knowledge from leading ethical hackers to thousands of customers around the globe through automation. Our platform is built for ethical hackers who want their next vulnerability finding to protect more than a single target. The best part: hackers on Detectify Crowdsource earn bounties for each unique hit their vulnerability produces in our customer base.
We offer more than continuous payouts and bonus periods for members. We also offer members a variety of other benefits, such as: