Company type | Private |
---|---|
Industry | Cybersecurity |
Founded | 2012 |
Founders | Casey Ellis, Chris Raethke, Sergei Belokamen |
Headquarters | San Francisco, California and Australia |
Key people |
|
Website | bugcrowd |
Bugcrowd is a crowdsourced security platform. [1] [2] [3] It was founded in 2012, and in 2019 it was one of the largest bug bounty and vulnerability disclosure companies on the internet. [4] Bugcrowd runs bug bounty programs and also offers a range of penetration testing services it refers to as "Penetration Testing as a Service" (PTaaS), as well as attack surface management. [5] [6] [7]
Bugcrowd was founded in Sydney, Australia in 2012. As of 2018 [update] , its main headquarters is in San Francisco, with other offices in Sydney and London. [8]
In May 2024, Bugcrowd acquired attack surface management company, Informer. [9]
Bugcrowd has raised a total of $78.7 million in funding over 6 rounds. Their seed funding started in 2013 to increase their 3000 vetted security testers. [10] This seed funding was primarily led by Rally Ventures and they were able to raise $1.6 million. [10]
Series A funding round took place in 2015 and was led by Costanoa Ventures, raising $6 million. [11]
Blackbird Ventures led funding for their Series B round with $15 million raised in April 2016. [12] [13]
In March 2018, it secured $26 million in a Series C funding round led by Triangle Peak Partners. [14]
Bugcrowd announced Series D funding in April 2020 of $30 million led by previous investor Rally Ventures. [15] [16]
As of 2020 [update] , Bugcrowd worked with 65 industries across 29 countries. [16] Their clients have included Tesla, Atlassian, Fitbit, Square, Mastercard, Amazon and eBay. [17] [5]
Bugcrowd's first partner in the financial industry was Western Union, in 2015. Originally a private, invite-only program, it was later opened to the public, with rewards varying between $100 and $5000 depending on the bug. [18] In 2020, Bugcrowd helped National Australia Bank become one of the first banks in Australia to launch a bug bounty. [19]
Samsung has also worked with Bugcrowd, rewarding a total of over $2 million in rewards to those who found bugs in Samsung's security. [20]
Job platform Seek has been using Bugcrowd since 2019 with the highest reward from their bug bounty program being $10,000. [21] [22]
In 2020, ExpressVPN worked with Bugcrowd, awarding $100 to $2500 depending on the severity of the vulnerabilities that were found, with 21 critical findings identified. [23]
Bugcrowd also runs programs for the U.S. DOD, the Air Force, NASA and DDS. [24] [25]
In 2018, Bugcrowd and CipherLaw's Open Source Vulnerability Disclosure Framework, together with the #LegalBugBounty project, created the open-source project disclose.io, which aims to create an open-source standard for bug bounties and vulnerability disclosures to help hackers and organizations work together to make the Internet safer. [26] [27]
The company also runs Bugcrowd University, which provides educational resources to help the public learn how to code, find bugs in security systems and patch them. [28] [29]
Gengo was a web-based translation platform headquartered in Tokyo.
SonicWall is an American cybersecurity company that sells a range of Internet appliances primarily directed at content control and network security. These include devices providing services for network firewalls, unified threat management (UTM), virtual private networks (VPNs), virtual firewalls, SD-WAN, cloud security and anti-spam for email. The company also markets information subscription services related to its products. The company also assists in solving problems surrounding compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI-DSS).
A white hat is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission.
Truecaller is a smartphone application that has features of caller ID, call-blocking, flash-messaging, call-recording, chat and voice by using the Internet. It requires users to provide a standard cellular mobile number for registering with the service. The app is available for Android and iOS.
Udemy, Inc. is an education technology company, founded in May 2010 by Eren Bali, Gagan Biyani, and Oktay Caglar. It is based in San Francisco, California, United States, with hubs in Denver, Colorado; Dublin, Ireland; Austin, Texas; Melbourne, Australia; İstanbul, Turkey, and Gurgaon, India.
Zimperium, Inc. is a privately owned mobile security company based in the United States and headquartered in Dallas, Texas. Zimperium provides a mobile security platform purpose-built for enterprise environments.
Grammarly is a writing assistant. It reviews the spelling, grammar, and tone of a piece of writing as well as identifying possible instances of plagiarism. It can also can suggest style and tonal recommendations to users and produce writing from prompts with its generative AI capabilities.
A bug bounty program is a deal offered by many websites, organizations, and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
HackerOne is a company specializing in cybersecurity, specifically attack resistance management, which blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to find and close gaps in the digital attack surface. It was one of the first companies to embrace and utilize crowd-sourced security and cybersecurity researchers as linchpins of its business model; pioneering bug bounty and coordinated vulnerability disclosure. As of December 2022, HackerOne's network had paid over $230 million in bounties. HackerOne's customers include The U.S. Department of Defense, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Twitter, and Yahoo.
Brainly is an education company based in Kraków, Poland, with headquarters in New York City. It is an AI-powered homework help platform targeting students and parents. As of November 2020, Brainly reported having 15 million daily active users, making it the world's most popular education app. In 2024, FlexOS reported Brainly as the #1 Generative AI Tool in the education category and the #6 Generative AI Tool overall. Also in 2024, Andreessen Horowitz reported Brainly as #6 in the Top 50 Gen AI Mobile Apps by monthly active users.
Mapillary is a service for sharing crowdsourced geotagged photos, developed by remote company Mapillary AB, based in Malmö, Sweden. Mapillary was launched in 2013 and acquired by Meta Platforms, Inc. in 2020. It offers street level imagery similar to Google Street View.
Katie Moussouris is an American computer security researcher, entrepreneur, and pioneer in vulnerability disclosure, and is best known for her ongoing work advocating responsible security research. Previously a member of @stake, she created the bug bounty program at Microsoft and was directly involved in creating the U.S. Department of Defense's first bug bounty program for hackers. She previously served as Chief Policy Officer at HackerOne, a vulnerability disclosure company based in San Francisco, California, and currently is the founder and CEO of Luta Security.
Synack is an American technology company based in Redwood City, California, United States. The company uses a crowdsourced network of white-hat hackers to find exploitable vulnerabilities and a SaaS platform enabled by AI and machine learning to identify these vulnerabilities. Customers include government agencies and businesses in retail, healthcare, and the manufacturing industry.
NordVPN is a Lithuanian VPN service with applications for Microsoft Windows, macOS, Linux, Android, iOS, Android TV, and tvOS. Manual setup is available for wireless routers, NAS devices, and other platforms.
Rafay Baloch is a Pakistani ethical hacker and security researcher. He has been featured and known by both national and international media and publications like Forbes, BBC, The Wall Street Journal, The Express Tribune and TechCrunch. He has been listed among the "Top 5 Ethical Hackers of 2014" by CheckMarx. Subsequently he was listed as one of "The 15 Most Successful Ethical Hackers WorldWide" and among "Top 25 Threat Seekers" by SCmagazine. Baloch has also been added in TechJuice 25 under 25 list for the year 2016 and got 13th rank in the list of high achievers. Reflectiz, a cyber security company, released the list of "Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021" recognizing Rafay Baloch as the top influencer. On 23 March 2022, ISPR recognized Rafay Baloch's contribution in the field of Cyber Security with Pride for Pakistan award. In 2021, Islamabad High court designated Rafay Baloch as an amicus curia for a case concerning social media regulations.
Jack Cable is an American computer security researcher and software developer who currently serves as a Senior Technical Advisor at the Cybersecurity and Infrastructure Security Agency. He is best known for his participation in bug bounty programs, including placing first in the U.S. Department of Defense's Hack the Air Force challenge. Cable began working for the Pentagon's Defense Digital Service in the summer of 2018.
Sam Curry is an American ethical hacker, bug bounty hunter, and founder. He is best known for his contributions to web application security through participation in bug bounty programs, most notably finding critical vulnerabilities in 20 different auto manufacturers including Porsche, Mercedes-Benz, Ferrari, and Toyota. In 2018, Curry began working as a security consultant through his company Palisade where he disclosed vulnerability publications for security findings in Apple, Starbucks, Jira, and Tesla.
YesWeHack is a global security company headquartered in Paris, France. It provides a crowdsourced platform for bug bounty programs where ethical hackers can report security exploits and vulnerabilities. It was founded in 2015 by Guillaume Vassault-Houlière, Manuel Dorne and Romain Lecoeuvre.
The Poly Network exploit was an attack conducted by anonymous hackers on August 10, 2021. The attack transferred over $610 million in digital cryptocurrency to the hackers. All assets were returned to Poly Network over the following 15 days. It was one of the largest security incidents in DeFi's history in terms of mark-to-market value.