Bugcrowd is a crowdsourced security platform.[1][2][3] It was founded in 2012, and in 2019 it was one of the largest bug bounty and vulnerability disclosure companies on the internet.[4] Bugcrowd runs bug bounty programs and also offers a range of penetration testing services it refers to as "Penetration Testing as a Service" (PTaaS), as well as attack surface management.[5][6][7]
Company type | Private |
---|---|
Industry | Cybersecurity |
Founded | 2012 |
Founders | Casey Ellis, Chris Raethke, Sergei Belokamen |
Headquarters | San Francisco, California and Australia |
Key people |
|
Website | bugcrowd |
History
editBugcrowd was founded in Sydney, Australia in 2012. As of 2018[update], its main headquarters is in San Francisco, with other offices in Sydney and London.[8]
In May 2024, Bugcrowd acquired attack surface management company, Informer.[9]
Funding
editBugcrowd has raised a total of $78.7 million in funding over 6 rounds. Their seed funding started in 2013 to increase their 3000 vetted security testers.[10] This seed funding was primarily led by Rally Ventures and they were able to raise $1.6 million.[10]
Series A funding round took place in 2015 and was led by Costanoa Ventures, raising $6 million.[11]
Blackbird Ventures led funding for their Series B round with $15 million raised in April 2016.[12][13]
In March 2018, it secured $26 million in a Series C funding round led by Triangle Peak Partners.[14]
Bugcrowd announced Series D funding in April 2020 of $30 million led by previous investor Rally Ventures.[15][16]
Clients
editAs of 2020[update], Bugcrowd worked with 65 industries across 29 countries.[16] Their clients have included Tesla, Atlassian, Fitbit, Square, Mastercard, Amazon and eBay.[17][5]
Bugcrowd's first partner in the financial industry was Western Union, in 2015. Originally a private, invite-only program, it was later opened to the public, with rewards varying between $100 and $5000 depending on the bug.[18] In 2020, Bugcrowd helped National Australia Bank become one of the first banks in Australia to launch a bug bounty.[19]
Samsung has also worked with Bugcrowd, rewarding a total of over $2 million in rewards to those who found bugs in Samsung's security.[20]
Job platform Seek has been using Bugcrowd since 2019 with the highest reward from their bug bounty program being $10,000.[21][22]
In 2020, ExpressVPN worked with Bugcrowd, awarding $100 to $2500 depending on the severity of the vulnerabilities that were found, with 21 critical findings identified.[23]
Bugcrowd also runs programs for the U.S. DOD, the Air Force and DDS.[24][25]
Other projects
editIn 2018, Bugcrowd and CipherLaw's Open Source Vulnerability Disclosure Framework, together with the #LegalBugBounty project, created the open-source project disclose.io, which aims to create an open-source standard for bug bounties and vulnerability disclosures to help hackers and organizations work together to make the Internet safer.[26][27]
The company also runs Bugcrowd University, which provides educational resources to help the public learn how to code, find bugs in security systems and patch them.[28][29]
See also
editReferences
edit- ^ "Hackers Receive $500,000 in One Week via Bugcrowd". SecurityWeek.Com. 11 November 2019. Archived from the original on March 22, 2020. Retrieved March 22, 2020.
- ^ "HackerOne connects hackers with companies and hopes for a win-win". The New York Times. June 7, 2015. Archived from the original on June 11, 2015. Retrieved October 28, 2015.
- ^ "Here's the Netflix account compromise Bugcrowd doesn't want you to know about". Ars Technica. Archived from the original on March 22, 2020. Retrieved March 22, 2020.
- ^ "TechCrunch is now a part of Verizon Media". techcrunch.com. 31 May 2019. Archived from the original on March 28, 2020. Retrieved March 22, 2020.
- ^ a b "Top 5 Bug Bounty Platforms to Watch in 2021". thehackernews.com. 8 February 2021. Archived from the original on 7 July 2021.
- ^ "Penetration Testing as a Service". Bugcrowd. Retrieved 17 October 2023.
- ^ "Attack Surface Management". Bugcrowd. Retrieved 17 October 2023.
- ^ Michael Bailey (5 March 2018). "Aussie cyber security bounty hunter Bugcrowd has big plans after $33m round". afr.com. Australian Financial Review. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
- ^ Lunden, Ingrid (May 23, 2024). "Bugcrowd, the crowdsourced white-hat hacker platform, acquires Informer to ramp up its security chops". Techcrunch.
- ^ a b Mahesh Sharma (4 September 2013). "Bugcrowd Raises $1.6 Million To Expand Bug Bounty Marketplace". techcrunch.com. TechCrunch. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
- ^ "Bugcrowd Raises $6 Million In Series A Funding To Further Accelerate Enterprise Adoption Of Crowdsourced Security". prnewswire.com. PR Newswire. 12 March 2015. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
- ^ Ben Kepes (20 April 2016). "Bugcrowd raises cash because of the power of the people". networkworld.com. Network World. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
- ^ Sean Sposito (20 April 2016). "Amid bug bounty appeal, Bugcrowd raises Series B". sfgate.com. San Francisco Chronicle. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
- ^ "Bugcrowd Raises $26 Million to Expand Vulnerability Hunting Business". SecurityWeek.Com. March 2018. Archived from the original on March 22, 2020. Retrieved March 22, 2020.
- ^ "Bugcrowd raises $30M in Series D to expand its bug bounty platform". TechCrunch. 9 April 2020. Retrieved 2021-01-09.
- ^ a b Zack Whittaker (9 April 2020). "Bugcrowd raises $30M in Series D to expand its bug bounty platform". techcrunch.com. TechCrunch. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
- ^ Zaid Shoorbajee (1 March 2018). "Bugcrowd raises $26 million in latest funding round". cyberscoop.com. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
- ^ "Bugcrowd Enters Financial Sector, Announces Managed Bug Bounty Program for Western Union". prnewswire.com. PR Newswire. 11 March 2015. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
- ^ "NAB LAUNCHES CYBER BUG BOUNTY PROGRAM". news.nab.com.au. National Australia Bank. 25 September 2020. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
- ^ "Bugcrowd's Crowdsourced Cybersecurity Platform Helps Pay Over $2M to Researchers for Samsung Mobile Rewards Program". darkreading.com. 17 November 2020. Archived from the original on 2 December 2020. Retrieved 2021-07-07.
- ^ Julian Berton (29 January 2019). "Get involved with SEEK's $10K Bug Bounty Program". medium.com. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
- ^ "Reporting Security Vulnerabilities". seek.com.au. Retrieved 2021-07-07.
- ^ Joel Khalili (16 July 2020). "Calling all ethical VPN hackers: ExpressVPN launches new-look bug bounty program". techradar.com. TechRadar. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
- ^ Aaron Boyd (24 October 2018). "DOD Invests $34 Million in Hack the Pentagon Expansion". nextgov.com. Archived from the original on 26 November 2020. Retrieved 2021-07-07.
- ^ Lauren Knausenberger (21 May 2020). "Leading innovation in the US Air Forces". businesschief.com. Archived from the original on 7 July 2021.
- ^ Gallagher, Sean (2 August 2018). "New open source effort: Legal code to make reporting security bugs safer". Ars Technica. Retrieved 17 October 2023.
- ^ Haworth, Jessica (14 August 2018). "Open source Disclose.io framework bridges legal gap in bug reporting". The Daily Swig. PortSwigger Web Security. Retrieved 17 October 2023.
- ^ "Top 10 cybersecurity online courses for 2021". techtarget.com. TechTarget. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
- ^ "Bugcrowd University Opens Its Doors to the Crowd". Bugcrowd. 8 August 2018. Retrieved 17 October 2023.