Since 2013, (ISC)2 has been both a customer and a partner of Bugcrowd, running a public bug bounty program and offering CPE credits to those maintining their CISSP certification. 


The (ISC)2 Bounty Program:


(ISC)2 has run a public bounty offering Kudos points and potential CPE credits for nearly two years. Read their full bounty program brief here.

Earn CPE Credits for Bug Hunting:

(ISC)2 certifications are amongst the most widely recognized in the information security industry. There are over 100,000 CISSPs worldwide and many organizations consider the CISSP a “must-have” in their information security candidates.

To maintain their certification (ISC)2 members need to engage in eligible “continuing professional experience” activities, which now incuding bug bounty participation.

Here’s how it works:

  • Sign up to join the Bugcrowd security researchers.
  • Find a bug in one of our bounties and submit it to us.
  • If you hold a CISSP, CSSLP, SSCP or CSSLP holder enter your (ISC)2 member number and the approximate time spend finding the bug in the bug submission form.
  • The time spent on any submission which is valid and doesn’t result in a payment (i.e. any charity bounty, and non-first valid findings in a paid bounty) is a valid CPE activity.
  • If your submission is valid then, at the end of each month, we’ll submit your contribution for that month to the (ISC)2.