Bugcrowd is a crowdsourced security platform.[1][2][3] It was founded in 2012, and in 2019 it was one of the largest bug bounty and vulnerability disclosure companies on the internet.[4] Bugcrowd runs bug bounty programs and also offers a range of penetration testing services it refers to as "Penetration Testing as a Service" (PTaaS), as well as attack surface management.[5][6][7]

Bugcrowd
Company typePrivate
IndustryCybersecurity
Founded2012
FoundersCasey Ellis, Chris Raethke, Sergei Belokamen
HeadquartersSan Francisco, California and Australia
Key people
  • David Gerry (CEO)
  • Casey Ellis (Founder, Chief Strategy Officer)
  • Nick McKenzie (CI&SO)
  • Robert Taccini (CFO)
Websitebugcrowd.com

History

edit

Bugcrowd was founded in Sydney, Australia in 2012. As of 2018, its main headquarters is in San Francisco, with other offices in Sydney and London.[8]

In May 2024, Bugcrowd acquired attack surface management company, Informer.[9]

Funding

edit

Bugcrowd has raised a total of $78.7 million in funding over 6 rounds. Their seed funding started in 2013 to increase their 3000 vetted security testers.[10] This seed funding was primarily led by Rally Ventures and they were able to raise $1.6 million.[10]

Series A funding round took place in 2015 and was led by Costanoa Ventures, raising $6 million.[11]

Blackbird Ventures led funding for their Series B round with $15 million raised in April 2016.[12][13]

In March 2018, it secured $26 million in a Series C funding round led by Triangle Peak Partners.[14]

Bugcrowd announced Series D funding in April 2020 of $30 million led by previous investor Rally Ventures.[15][16]

Clients

edit

As of 2020, Bugcrowd worked with 65 industries across 29 countries.[16] Their clients have included Tesla, Atlassian, Fitbit, Square, Mastercard, Amazon and eBay.[17][5]

Bugcrowd's first partner in the financial industry was Western Union, in 2015. Originally a private, invite-only program, it was later opened to the public, with rewards varying between $100 and $5000 depending on the bug.[18] In 2020, Bugcrowd helped National Australia Bank become one of the first banks in Australia to launch a bug bounty.[19]

Samsung has also worked with Bugcrowd, rewarding a total of over $2 million in rewards to those who found bugs in Samsung's security.[20]

Job platform Seek has been using Bugcrowd since 2019 with the highest reward from their bug bounty program being $10,000.[21][22]

In 2020, ExpressVPN worked with Bugcrowd, awarding $100 to $2500 depending on the severity of the vulnerabilities that were found, with 21 critical findings identified.[23]

Bugcrowd also runs programs for the U.S. DOD, the Air Force and DDS.[24][25]

Other projects

edit

In 2018, Bugcrowd and CipherLaw's Open Source Vulnerability Disclosure Framework, together with the #LegalBugBounty project, created the open-source project disclose.io, which aims to create an open-source standard for bug bounties and vulnerability disclosures to help hackers and organizations work together to make the Internet safer.[26][27]

The company also runs Bugcrowd University, which provides educational resources to help the public learn how to code, find bugs in security systems and patch them.[28][29]

See also

edit

References

edit
  1. ^ "Hackers Receive $500,000 in One Week via Bugcrowd". SecurityWeek.Com. 11 November 2019. Archived from the original on March 22, 2020. Retrieved March 22, 2020.
  2. ^ "HackerOne connects hackers with companies and hopes for a win-win". The New York Times. June 7, 2015. Archived from the original on June 11, 2015. Retrieved October 28, 2015.
  3. ^ "Here's the Netflix account compromise Bugcrowd doesn't want you to know about". Ars Technica. Archived from the original on March 22, 2020. Retrieved March 22, 2020.
  4. ^ "TechCrunch is now a part of Verizon Media". techcrunch.com. 31 May 2019. Archived from the original on March 28, 2020. Retrieved March 22, 2020.
  5. ^ a b "Top 5 Bug Bounty Platforms to Watch in 2021". thehackernews.com. 8 February 2021. Archived from the original on 7 July 2021.
  6. ^ "Penetration Testing as a Service". Bugcrowd. Retrieved 17 October 2023.
  7. ^ "Attack Surface Management". Bugcrowd. Retrieved 17 October 2023.
  8. ^ Michael Bailey (5 March 2018). "Aussie cyber security bounty hunter Bugcrowd has big plans after $33m round". afr.com. Australian Financial Review. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  9. ^ Lunden, Ingrid (May 23, 2024). "Bugcrowd, the crowdsourced white-hat hacker platform, acquires Informer to ramp up its security chops". Techcrunch.
  10. ^ a b Mahesh Sharma (4 September 2013). "Bugcrowd Raises $1.6 Million To Expand Bug Bounty Marketplace". techcrunch.com. TechCrunch. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  11. ^ "Bugcrowd Raises $6 Million In Series A Funding To Further Accelerate Enterprise Adoption Of Crowdsourced Security". prnewswire.com. PR Newswire. 12 March 2015. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  12. ^ Ben Kepes (20 April 2016). "Bugcrowd raises cash because of the power of the people". networkworld.com. Network World. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  13. ^ Sean Sposito (20 April 2016). "Amid bug bounty appeal, Bugcrowd raises Series B". sfgate.com. San Francisco Chronicle. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  14. ^ "Bugcrowd Raises $26 Million to Expand Vulnerability Hunting Business". SecurityWeek.Com. March 2018. Archived from the original on March 22, 2020. Retrieved March 22, 2020.
  15. ^ "Bugcrowd raises $30M in Series D to expand its bug bounty platform". TechCrunch. 9 April 2020. Retrieved 2021-01-09.
  16. ^ a b Zack Whittaker (9 April 2020). "Bugcrowd raises $30M in Series D to expand its bug bounty platform". techcrunch.com. TechCrunch. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  17. ^ Zaid Shoorbajee (1 March 2018). "Bugcrowd raises $26 million in latest funding round". cyberscoop.com. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  18. ^ "Bugcrowd Enters Financial Sector, Announces Managed Bug Bounty Program for Western Union". prnewswire.com. PR Newswire. 11 March 2015. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  19. ^ "NAB LAUNCHES CYBER BUG BOUNTY PROGRAM". news.nab.com.au. National Australia Bank. 25 September 2020. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  20. ^ "Bugcrowd's Crowdsourced Cybersecurity Platform Helps Pay Over $2M to Researchers for Samsung Mobile Rewards Program". darkreading.com. 17 November 2020. Archived from the original on 2 December 2020. Retrieved 2021-07-07.
  21. ^ Julian Berton (29 January 2019). "Get involved with SEEK's $10K Bug Bounty Program". medium.com. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  22. ^ "Reporting Security Vulnerabilities". seek.com.au. Retrieved 2021-07-07.
  23. ^ Joel Khalili (16 July 2020). "Calling all ethical VPN hackers: ExpressVPN launches new-look bug bounty program". techradar.com. TechRadar. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  24. ^ Aaron Boyd (24 October 2018). "DOD Invests $34 Million in Hack the Pentagon Expansion". nextgov.com. Archived from the original on 26 November 2020. Retrieved 2021-07-07.
  25. ^ Lauren Knausenberger (21 May 2020). "Leading innovation in the US Air Forces". businesschief.com. Archived from the original on 7 July 2021.
  26. ^ Gallagher, Sean (2 August 2018). "New open source effort: Legal code to make reporting security bugs safer". Ars Technica. Retrieved 17 October 2023.
  27. ^ Haworth, Jessica (14 August 2018). "Open source Disclose.io framework bridges legal gap in bug reporting". The Daily Swig. PortSwigger Web Security. Retrieved 17 October 2023.
  28. ^ "Top 10 cybersecurity online courses for 2021". techtarget.com. TechTarget. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  29. ^ "Bugcrowd University Opens Its Doors to the Crowd". Bugcrowd. 8 August 2018. Retrieved 17 October 2023.
edit