With the increased adoption of bug bounty programs by companies such as Facebook, Google, AT&T, and Etsy, it’s no wonder bug bounty security startup Bugcrowd has been able to gain momentum and establish itself as a thought leader in this space.
Bugcrowd fully-manages bug bounties for companies who are interested in increasing their security without having to spend resources developing their own in-house program. In case the concept is unfamiliar, a bug bounty is a reward provided by a company to a tester who reports a bug in their software product. Bugcrowd manages the end to end process, which includes tester communication, verifying submissions, managing payments, and community relations.
Bugcrowd was founded by Australians Casey Ellis and Chris Raethke, and is now headquartered in San Francisco, CA. Since its inception in the early 2013, Bugcrowd has:
– Managed over 50 bug bounties for companies.
– Received over 8150 bug submissions.
– Grown to a community of over 6000 security testers.
Their Crowdcontrol platform allows testers to view active bug bounties, which as of Jan 20th included 6 different companies. If you’re a security tester looking to get involved, feel free to create a tester profile here.
2014 Bugcrowd Plans
In the first quarter of 2014, Bugcrowd plans on releasing a new set of plans and features, which will provide bug bounty services to companies of different stages and sizes looking to increase their security. The details are still confidential, so stay tuned for news at Information Security Buzz about this!
Bugcrowd on Responsible Disclosure
Lately, Bugcrowd has been active in news around responsible disclosure and the 16 year old hacker Joshua Rogers, who infiltrated Australia’s Public Transport Victoria website. The case has brought awareness around the need for Responsible Disclosure, a set of rules and guidelines a site provides in regards to hackers who discover vulnerabilities on their site. By providing transparent rules to those who discover a security breach within an app, a movement toward mandatory Responsible Disclosure would eliminate the gray area that plagues the Joshua Rogers case.
Casey Ellis, CEO of Bugcrowd, @bugcrowd
Bio:Casey has spent 12 years in information security, servicing clients ranging from startups to multinational corporations as a security and risk consultant and solutions architect. At some point he realized he was quite fond of product and startups and went on to found Bugcrowd Inc, where he now sits as CEO. He likes thinking like a bad guy (while not actually being one).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.