Bugcrowd

Company type: Private
Industry: Cybersecurity
Founded: 2012
Founders: Casey Ellis, Chris Raethke, Sergei Belokamen
Headquarters: San Francisco, California and Australia
Key people:
  • David Gerry (CEO)
  • Casey Ellis (Founder, Chief Strategy Officer)
  • Nick McKenzie (CI&SO)
  • Robert Taccini (CFO)
Website: bugcrowd.com

Bugcrowd is a crowdsourced security platform. [1] [2] [3] It was founded in 2012, and in 2019 it was one of the largest bug bounty and vulnerability disclosure companies on the internet. [4] Bugcrowd runs bug bounty programs and also offers a range of penetration testing services it refers to as "Penetration Testing as a Service" (PTaaS), as well as attack surface management. [5] [6] [7]

History

Bugcrowd was founded in Sydney, Australia in 2012. As of 2018, its main headquarters is in San Francisco, with other offices in Sydney and London. [8]

In May 2024, Bugcrowd acquired the attack surface management company Informer. [9]

Funding

Bugcrowd has raised a total of $78.7 million in funding over 6 rounds. Its seed funding began in 2013, with the aim of expanding its pool of 3000 vetted security testers. [10] The seed round was led primarily by Rally Ventures and raised $1.6 million. [10]

The Series A funding round took place in 2015 and was led by Costanoa Ventures, raising $6 million. [11]

Blackbird Ventures led funding for their Series B round with $15 million raised in April 2016. [12] [13]

In March 2018, it secured $26 million in a Series C funding round led by Triangle Peak Partners. [14]

Bugcrowd announced Series D funding in April 2020 of $30 million led by previous investor Rally Ventures. [15] [16]

Clients

As of 2020, Bugcrowd worked with 65 industries across 29 countries. [16] Their clients have included Tesla, Atlassian, Fitbit, Square, Mastercard, Amazon and eBay. [17] [5]

Bugcrowd's first partner in the financial industry was Western Union, in 2015. Originally a private, invite-only program, it was later opened to the public, with rewards varying between $100 and $5000 depending on the bug. [18] In 2020, Bugcrowd helped National Australia Bank become one of the first banks in Australia to launch a bug bounty. [19]

Samsung has also worked with Bugcrowd, paying a total of over $2 million in rewards to those who found bugs in Samsung's security. [20]

Job platform Seek has been using Bugcrowd since 2019, with the highest reward from its bug bounty program being $10,000. [21] [22]

In 2020, ExpressVPN worked with Bugcrowd, awarding $100 to $2500 depending on the severity of the vulnerabilities that were found, with 21 critical findings identified. [23]

Bugcrowd also runs programs for the U.S. DOD, the Air Force, NASA and DDS. [24] [25]

Other projects

In 2018, Bugcrowd and CipherLaw's Open Source Vulnerability Disclosure Framework, together with the #LegalBugBounty project, created the open-source project disclose.io, which aims to create an open-source standard for bug bounties and vulnerability disclosures to help hackers and organizations work together to make the Internet safer. [26] [27]

The company also runs Bugcrowd University, which provides educational resources to help the public learn how to code, find bugs in security systems and patch them. [28] [29]

References

  1. "Hackers Receive $500,000 in One Week via Bugcrowd". SecurityWeek.Com. 11 November 2019. Archived from the original on March 22, 2020. Retrieved March 22, 2020.
  2. "HackerOne connects hackers with companies and hopes for a win-win". The New York Times. June 7, 2015. Archived from the original on June 11, 2015. Retrieved October 28, 2015.
  3. "Here's the Netflix account compromise Bugcrowd doesn't want you to know about". Ars Technica. Archived from the original on March 22, 2020. Retrieved March 22, 2020.
  4. "TechCrunch is now a part of Verizon Media". techcrunch.com. 31 May 2019. Archived from the original on March 28, 2020. Retrieved March 22, 2020.
  5. "Top 5 Bug Bounty Platforms to Watch in 2021". thehackernews.com. 8 February 2021. Archived from the original on 7 July 2021.
  6. "Penetration Testing as a Service". Bugcrowd. Retrieved 17 October 2023.
  7. "Attack Surface Management". Bugcrowd. Retrieved 17 October 2023.
  8. Michael Bailey (5 March 2018). "Aussie cyber security bounty hunter Bugcrowd has big plans after $33m round". afr.com. Australian Financial Review. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  9. Lunden, Ingrid (May 23, 2024). "Bugcrowd, the crowdsourced white-hat hacker platform, acquires Informer to ramp up its security chops". Techcrunch.
  10. Mahesh Sharma (4 September 2013). "Bugcrowd Raises $1.6 Million To Expand Bug Bounty Marketplace". techcrunch.com. TechCrunch. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  11. "Bugcrowd Raises $6 Million In Series A Funding To Further Accelerate Enterprise Adoption Of Crowdsourced Security". prnewswire.com. PR Newswire. 12 March 2015. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  12. Ben Kepes (20 April 2016). "Bugcrowd raises cash because of the power of the people". networkworld.com. Network World. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  13. Sean Sposito (20 April 2016). "Amid bug bounty appeal, Bugcrowd raises Series B". sfgate.com. San Francisco Chronicle. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  14. "Bugcrowd Raises $26 Million to Expand Vulnerability Hunting Business". SecurityWeek.Com. March 2018. Archived from the original on March 22, 2020. Retrieved March 22, 2020.
  15. "Bugcrowd raises $30M in Series D to expand its bug bounty platform". TechCrunch. 9 April 2020. Retrieved 2021-01-09.
  16. Zack Whittaker (9 April 2020). "Bugcrowd raises $30M in Series D to expand its bug bounty platform". techcrunch.com. TechCrunch. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  17. Zaid Shoorbajee (1 March 2018). "Bugcrowd raises $26 million in latest funding round". cyberscoop.com. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  18. "Bugcrowd Enters Financial Sector, Announces Managed Bug Bounty Program for Western Union". prnewswire.com. PR Newswire. 11 March 2015. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  19. "NAB LAUNCHES CYBER BUG BOUNTY PROGRAM". news.nab.com.au. National Australia Bank. 25 September 2020. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  20. "Bugcrowd's Crowdsourced Cybersecurity Platform Helps Pay Over $2M to Researchers for Samsung Mobile Rewards Program". darkreading.com. 17 November 2020. Archived from the original on 2 December 2020. Retrieved 2021-07-07.
  21. Julian Berton (29 January 2019). "Get involved with SEEK's $10K Bug Bounty Program". medium.com. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  22. "Reporting Security Vulnerabilities". seek.com.au. Retrieved 2021-07-07.
  23. Joel Khalili (16 July 2020). "Calling all ethical VPN hackers: ExpressVPN launches new-look bug bounty program". techradar.com. TechRadar. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  24. Aaron Boyd (24 October 2018). "DOD Invests $34 Million in Hack the Pentagon Expansion". nextgov.com. Archived from the original on 26 November 2020. Retrieved 2021-07-07.
  25. Lauren Knausenberger (21 May 2020). "Leading innovation in the US Air Forces". businesschief.com. Archived from the original on 7 July 2021.
  26. Gallagher, Sean (2 August 2018). "New open source effort: Legal code to make reporting security bugs safer". Ars Technica. Retrieved 17 October 2023.
  27. Haworth, Jessica (14 August 2018). "Open source Disclose.io framework bridges legal gap in bug reporting". The Daily Swig. PortSwigger Web Security. Retrieved 17 October 2023.
  28. "Top 10 cybersecurity online courses for 2021". techtarget.com. TechTarget. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  29. "Bugcrowd University Opens Its Doors to the Crowd". Bugcrowd. 8 August 2018. Retrieved 17 October 2023.