Type | Private |
---|---|
Industry | Cybersecurity |
Founded | 2012 |
Founders | Casey Ellis, Chris Raethke, Sergei Belokamen |
Headquarters | San Francisco, California and Australia |
Key people |
|
Website | bugcrowd |
Bugcrowd is a crowdsourced security platform. [1] [2] [3] It was founded in 2012, and in 2019 it was one of the largest bug bounty and vulnerability disclosure companies on the internet. [4] Bugcrowd runs bug bounty programs and also offers a range of penetration testing services it refers to as "Penetration Testing as a Service" (PTaaS), as well as attack surface management. [5] [6] [7]
Bugcrowd was founded in Sydney, Australia in 2012. As of 2018, its main headquarters is in San Francisco, with other offices in Sydney and London. [8]
Bugcrowd has raised a total of $78.7 million in funding over 6 rounds. Its seed funding started in 2013, with the aim of increasing its pool of 3000 vetted security testers. [9] The seed round was led primarily by Rally Ventures and raised $1.6 million. [9]
The Series A funding round took place in 2015 and was led by Costanoa Ventures, raising $6 million. [10]
Blackbird Ventures led funding for their Series B round with $15 million raised in April 2016. [11] [12]
In March 2018, it secured $26 million in a Series C funding round led by Triangle Peak Partners. [13]
Bugcrowd announced Series D funding in April 2020 of $30 million led by previous investor Rally Ventures. [14] [15]
As of 2020, Bugcrowd worked with 65 industries across 29 countries. [15] Their clients have included Tesla, Atlassian, Fitbit, Square, Mastercard, Amazon and eBay. [16] [5]
Bugcrowd's first partner in the financial industry was Western Union, in 2015. Originally a private, invite-only program, it was later opened to the public, with rewards varying between $100 and $5000 depending on the bug. [17] In 2020, Bugcrowd helped National Australia Bank become one of the first banks in Australia to launch a bug bounty. [18]
Samsung has also worked with Bugcrowd, paying out a total of over $2 million in rewards to those who found bugs in Samsung's security. [19]
Job platform Seek has been using Bugcrowd since 2019, with the highest reward from its bug bounty program being $10,000. [20] [21]
In 2020, ExpressVPN worked with Bugcrowd, awarding $100 to $2500 depending on the severity of the vulnerabilities that were found, with 21 critical findings identified. [22]
Bugcrowd also runs programs for the U.S. DOD, the Air Force and DDS. [23] [24]
In 2018, Bugcrowd and CipherLaw's Open Source Vulnerability Disclosure Framework, together with the #LegalBugBounty project, created the open-source project disclose.io, which aims to create an open-source standard for bug bounties and vulnerability disclosures to help hackers and organizations work together to make the Internet safer. [25] [26]
The company also runs Bugcrowd University, which provides educational resources to help the public learn how to code, find bugs in security systems and patch them. [27] [28]