Helping Organizations run Successful Crowdsourced Security Programs: Bugcrowd

“Bugcrowd’s revolutionary approach to cybersecurity brings together the world’s largest crowd of independent security researchers to the most innovative companies.”

Companies are in an unfair fight when it comes to cybersecurity. Regardless of how robust their security efforts are, companies will always be outnumbered by the thousands of malicious hackers worldwide. Based out of San Francisco, CA, USA, Bugcrowd makes it easy for companies of any size or industry to beat that army of adversaries with the largest, most qualified crowd of security testers for web, mobile, and IoT.

The company started its operations in Sydney, Australia while its’ founder, Casey Ellis, was running his penetration testing and security assessment firm. After seeing first hand the cybersecurity resourcing problem and the power of on-demand application testing, he began toying with the idea of delivering results driven testing at scale in an effort to level the cybersecurity playing field against a crowd of bad guys.

It takes a Crowd to Beat a Crowd
The company has access to the largest crowd of independent security researchers in the world. Bugcrowd’s crowd of over 25,000 white hat hackers are curated on the basis of their skill, activity level, impact and trust and are incentivized by Bugcrowd “Kudos” points or monetary rewards to find critical security flaws in anything written with code. Gone are the days of paying for effort: with Bugcrowd, organizations only pay for actual results.

The company’s vulnerability management platform, Crowdcontrol, provides Bugcrowd’s security researchers a secure platform to submit vulnerabilities to clients’ security teams. It also integrates with their companies backend issue tracking systems to make resolving vulnerabilities as painless as possible. The technology behind Crowdcontrol platform is built off of two data science components:

• Researcher selection – this consists of “connecting the right hackers to the right customers” and selecting the correct rewards model to achieve optimal results.
• Efficient processing of vulnerability data – once the right target, right researchers and right incentive are created for a program, the crowd hunts for vulnerabilities and submits them via the Crowdcontrol platform, which are in turn passed to the customer for processing and remediation.

Volume, efficiency and results based incentivization are what differentiates Bugcrowd from others in the security domain. The company is one of the best at finding real, critical vulnerabilities in web, mobile, IoT and infrastructure quickly. It is also the best at facilitating successful interactions between the group of hackers and the people who are protected and thereby transacting value on a daily basis.

Customer Base
Bugcrowd has the pleasure of working with some of the most innovative companies in the world, ranging from B2B technology companies to financial services companies. Some of its clients include Tesla, Western Union, Barracuda Networks and Pinterest.

Customer Testimonials
“Their researchers dig deep in their testing. Not only will they take a URL and test it for many days, but they also find what other systems just can’t identify.” – David Levin, Director, Information Security and End User Technology, Western Union

“Utilizing Bugcrowd’s researchers levels the playing field, and helps Pinterest find and fix vulnerabilities proactively instead of reactively.” – Paul Moreno, Former Security Engineering Lead, Pinterest

Future Outlook
For the future, Bugcrowd is focused on diversifying the applications of crowdsourced security. The company is planning to explore opportunities to advance the value of data that the researchers are producing and getting them paid more for the process.

Knowing the Key Executives

Casey Ellis, Founder and CEO – Casey has spent 12 years in information security, servicing clients ranging from startups to multinational corporations as a security and risk consultant and solutions architect. He’s a career infosec guy turned career entrepreneur. Casey is “the guy who had the crazy idea” which became Bugcrowd. He is happy as long as he’s got a problem to solve, an opportunity to develop, and a kick ass group of people to bring along for the ride.

Our revolutionary approach to cybersecurity brings together the world’s largest crowd of independent security researchers to the most innovative companies.

We give you all the tools necessary to run successful crowdsourced security programs.”