Research reports & position papers

Bug Bounties – Working Towards a Fairer and Safer Marketplace With rapid growth in the bug bounty marketplace, the CREST Bug Bounties Report explores good and bad practice to establish how to better understand bug bounty programmes and how they fit into the wider technical assurance framework. It also highlights the need to provide advice to buyers of bug bounty services and protect the interests.

CREST and NCA Cyber Crime Report – CREST member companies met the National Crime Agency’s National Cyber Crime Unit (NCA NCCU) to assist in their efforts to prevent young people being tempted to participate in illegal online activities. The discussion paper is now available.

Industrial Control Systems Technical Security Assurance – This Position Paper presents the findings from a CREST project on the Technical Security Assurance of Industrial Control Systems (ICS). It is based on detailed research and includes insights, commentary and analysis garnered from subject matter experts through: Requirements and validation workshops held at CREST member facilities;  Desktop review of published literature on ICS security; and ICS security testing.

Closing the Gender Gap in Cyber Security – CREST releases report exploring the reasons behind the lack of gender diversity in cyber security and looking at ways to drive change