Bugcrowd

Last updated
Bugcrowd
TypePrivate
Industry Cybersecurity
Founded2012
FoundersCasey Ellis, Chris Raethke, Sergei Belokamen
Headquarters San Francisco, California and Australia
Key people
  • David Gerry (CEO)
  • Casey Ellis (Founder, Chief Strategy Officer)
  • Nick McKenzie (CI&SO)
  • Robert Taccini (CFO)
Website bugcrowd.com

Bugcrowd is a crowdsourced security platform. [1] [2] [3] It was founded in 2012, and in 2019 it was one of the largest bug bounty and vulnerability disclosure companies on the internet. [4] Bugcrowd runs bug bounty programs and also offers a range of penetration testing services it refers to as "Penetration Testing as a Service" (PTaaS), as well as attack surface management. [5] [6] [7]

Contents

History

Bugcrowd was founded in Sydney, Australia in 2012. As of 2018, its main headquarters is in San Francisco, with other offices in Sydney and London. [8]

Funding

Bugcrowd has raised a total of $78.7 million in funding over 6 rounds. Their seed funding started in 2013 to increase their 3000 vetted security testers. [9] This seed funding was primarily led by Rally Ventures and they were able to raise $1.6 million. [9]

Series A funding round took place in 2015 and was led by Costanoa Ventures, raising $6 million. [10]

Blackbird Ventures led funding for their Series B round with $15 million raised in April 2016. [11] [12]

In March 2018, it secured $26 million in a Series C funding round led by Triangle Peak Partners. [13]

Bugcrowd announced Series D funding in April 2020 of $30 million led by previous investor Rally Ventures. [14] [15]

Clients

As of 2020, Bugcrowd worked with 65 industries across 29 countries. [15] Their clients have included Tesla, Atlassian, Fitbit, Square, Mastercard, Amazon and eBay. [16] [5]

Bugcrowd's first partner in the financial industry was Western Union, in 2015. Originally a private, invite-only program, it was later opened to the public, with rewards varying between $100 and $5000 depending on the bug. [17] In 2020, Bugcrowd helped National Australia Bank become one of the first banks in Australia to launch a bug bounty. [18]

Samsung has also worked with Bugcrowd, rewarding a total of over $2 million in rewards to those who found bugs in Samsung's security. [19]

Job platform Seek has been using Bugcrowd since 2019 with the highest reward from their bug bounty program being $10,000. [20] [21]

In 2020, ExpressVPN worked with Bugcrowd, awarding $100 to $2500 depending on the deverity of the vulnerabilities that were found, with 21 critical findings identified. [22]

Bugcrowd also runs programs for the U.S. DOD, the Air Force and DDS. [23] [24]

Other projects

In 2018, Bugcrowd and CipherLaw's Open Source Vulnerability Disclosure Framework, together with the #LegalBugBounty project, created the open-source project disclose.io, which aims to create an open-source standard for bug bounties and vulnerability disclosures to help hackers and organizations work together to make the Internet safer. [25] [26]

The company also runs Bugcrowd University, which provides educational resources to help the public learn how to code, find bugs in security systems and patch them. [27] [28]

Related Research Articles

SonicWall is an American cybersecurity company that sells a range of Internet appliances primarily directed at content control and network security. These include devices providing services for network firewalls, unified threat management (UTM), virtual private networks (VPNs), virtual firewalls, SD-WAN, cloud security and anti-spam for email. The company also markets information subscription services related to its products. The company also assists in solving problems surrounding compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI-DSS).

<span class="mw-page-title-main">Truecaller</span> Swedish Mobile phone application

Truecaller is a smartphone application that has features of caller-identification, call-blocking, flash-messaging, call-recording, Chat & Voice by using the Internet. It requires users to provide a standard cellular mobile number for registering with the service. The app is available for Android and iOS.

Open Garden, Inc. is an American mobile virtual network operator (MVNO) based in Miami, Florida, that sells eSIM-based prepaid mobile data subscriptions.

Zimperium, Inc. is a privately owned mobile security company based in the United States and headquartered in Dallas, Texas. Zimperium provides a mobile security platform purpose-built for enterprise environments.

AnchorFree is an internet privacy and security company that provides businesses and consumers with advanced technologies to enable secure and private web browsing. The company's flagship product is Hotspot Shield, a popular virtual private network (VPN) service and the top-grossing app for productivity in the Apple App Store. The company is led by David Gorodyansky, who founded the firm in 2005 with his friend Eugene Malobrodsky. AnchorFree is headquartered in Redwood City, California, with offices in Ukraine and Russia. Its most recent fundraising round in 2018 brought in $295 million, bringing total funding to $358 million.

Adallom is a cloud security company based in Menlo Park, California. It secures enterprise software-as-a-service (SaaS) application usage, audits user activity, and protects employees and digital assets from threats in real time.

A bug bounty program is a deal offered by many websites, organizations, and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

HackerOne is a company specializing in cybersecurity, specifically attack resistance management, which blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to find and close gaps in the digital attack surface. It was one of the first companies to embrace and utilize crowd-sourced security and cybersecurity researchers as linchpins of its business model; pioneering bug bounty and coordinated vulnerability disclosure. As of December 2022, HackerOne’s network had paid over $230 million in bounties. HackerOne’s customers include The U.S. Department of Defense, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Twitter, and Yahoo.

<span class="mw-page-title-main">Brainly</span> Educational technology company

Brainly is a Polish Multinational company based in Kraków, Poland, with headquarters in New York City. It is an AI-powered homework help platform targeting students and parents. As of November 2020, Brainly reported having 15 million daily active users, making it the world's most popular education app.

<span class="mw-page-title-main">Katie Moussouris</span> American computer security researcher, entrepreneur, and pioneer in vulnerability disclosure

Katie Moussouris is an American computer security researcher, entrepreneur, and pioneer in vulnerability disclosure, and is best known for her ongoing work advocating responsible security research. Previously a member of @stake, she created the bug bounty program at Microsoft and was directly involved in creating the U.S. Department of Defense's first bug bounty program for hackers. She previously served as Chief Policy Officer at HackerOne, a vulnerability disclosure company based in San Francisco, California, and currently is the founder and CEO of Luta Security.

<span class="mw-page-title-main">Synack</span>

Synack is an American technology company based in Redwood City, California. The company uses a crowdsourced network of white-hat hackers to find exploitable vulnerabilities and a SaaS platform enabled by AI and machine learning to identify exploitable vulnerabilities. Customers include government agencies and businesses in retail, healthcare and the manufacturing industry.

NordVPN is a VPN service provided by Nordsec Ltd with applications for Microsoft Windows, macOS, Linux, Android, iOS, and Android TV. Manual setup is available for wireless routers, NAS devices, and other platforms.

<span class="mw-page-title-main">Rafay Baloch</span> Pakistani ethical hacker

Rafay Baloch is a Pakistani ethical hacker and security researcher known for his discovery of vulnerabilities on the Android operating system. He has been featured and known by both national and international media and publications like Forbes, BBC, The Wall Street Journal, and The Express Tribune. He has been listed among the "Top 5 Ethical Hackers of 2014" by CheckMarx. Subsequently he was listed as one of "The 15 Most Successful Ethical Hackers WorldWide" and among "Top 25 Threat Seekers" by SCmagazine. Baloch has also been added in TechJuice 25 under 25 list for the year 2016 and got 13th rank in the list of high achievers. Reflectiz, a cyber security company, released the list of "Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021" recognizing Rafay Baloch as the top influencer. On 23 March 2022, ISPR recognized Rafay Baloch's contribution in the field of Cyber Security with Pride for Pakistan award.

Jack Cable is an American computer security researcher and software developer. He is best known for his participation in bug bounty programs, including placing first in the U.S. Department of Defense's Hack the Air Force challenge. Cable began working for the Pentagon's Defense Digital Service in the summer of 2018.

<span class="mw-page-title-main">Mozilla VPN</span> Virtual private network service

Mozilla VPN is an open-source virtual private network web browser extension, desktop application, and mobile application developed by Mozilla. It launched in beta as Firefox Private Network on September 10, 2019, and officially launched on July 15, 2020, as Mozilla VPN.

Checkmarx is an enterprise application security company headquartered in Atlanta, Georgia in the United States. Founded in 2006, the company provides application security testing (AST) solutions that embed security into every phase of the software development lifecycle (SDLC), an approach to software testing known as "shift everywhere."

JumpCloud is an American enterprise software company headquartered in Louisville, Colorado. The company was formally launched in 2013 at TechCrunch Disrupt Battlefield with its announcement of an automated server management tool. JumpCloud’s cloud based directory as a service platform is used to securely manage users identity, devices, and access across things such as VPN, Wi-Fi, Servers and workstations.

YesWeHack is a global security company headquartered in Paris, France. It provides a crowdsourced platform for bug bounty programs where ethical hackers can report security exploits and vulnerabilities. It was founded in 2015 by Guillaume Vassault-Houlière, Manuel Dorne and Romain Lecoeuvre.

References

  1. "Hackers Receive $500,000 in One Week via Bugcrowd". SecurityWeek.Com. 11 November 2019. Archived from the original on March 22, 2020. Retrieved March 22, 2020.
  2. "HackerOne connects hackers with companies and hopes for a win-win". The New York Times. June 7, 2015. Archived from the original on June 11, 2015. Retrieved October 28, 2015.
  3. "Here's the Netflix account compromise Bugcrowd doesn't want you to know about". Ars Technica. Archived from the original on March 22, 2020. Retrieved March 22, 2020.
  4. "TechCrunch is now a part of Verizon Media". techcrunch.com. 31 May 2019. Archived from the original on March 28, 2020. Retrieved March 22, 2020.
  5. 1 2 "Top 5 Bug Bounty Platforms to Watch in 2021". thehackernews.com. 8 February 2021. Archived from the original on 7 July 2021.
  6. "Penetration Testing as a Service". Bugcrowd. Retrieved 17 October 2023.
  7. "Attack Surface Management". Bugcrowd. Retrieved 17 October 2023.
  8. Michael Bailey (5 March 2018). "Aussie cyber security bounty hunter Bugcrowd has big plans after $33m round". afr.com. Australian Financial Review. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  9. 1 2 Mahesh Sharma (4 September 2013). "Bugcrowd Raises $1.6 Million To Expand Bug Bounty Marketplace". techcrunch.com. TechCrunch. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  10. "Bugcrowd Raises $6 Million In Series A Funding To Further Accelerate Enterprise Adoption Of Crowdsourced Security". prnewswire.com. PR Newswire. 12 March 2015. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  11. Ben Kepes (20 April 2016). "Bugcrowd raises cash because of the power of the people". networkworld.com. Network World. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  12. Sean Sposito (20 April 2016). "Amid bug bounty appeal, Bugcrowd raises Series B". sfgate.com. San Francisco Chronicle. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  13. "Bugcrowd Raises $26 Million to Expand Vulnerability Hunting Business". SecurityWeek.Com. March 2018. Archived from the original on March 22, 2020. Retrieved March 22, 2020.
  14. "Bugcrowd raises $30M in Series D to expand its bug bounty platform". TechCrunch. 9 April 2020. Retrieved 2021-01-09.
  15. 1 2 Zack Whittaker (9 April 2020). "Bugcrowd raises $30M in Series D to expand its bug bounty platform". techcrunch.com. TechCrunch. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  16. Zaid Shoorbajee (1 March 2018). "Bugcrowd raises $26 million in latest funding round". cyberscoop.com. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  17. "Bugcrowd Enters Financial Sector, Announces Managed Bug Bounty Program for Western Union". prnewswire.com. PR Newswire. 11 March 2015. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  18. "NAB LAUNCHES CYBER BUG BOUNTY PROGRAM". news.nab.com.au. National Australia Bank. 25 September 2020. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  19. "Bugcrowd's Crowdsourced Cybersecurity Platform Helps Pay Over $2M to Researchers for Samsung Mobile Rewards Program". darkreading.com. 17 November 2020. Archived from the original on 2 December 2020. Retrieved 2021-07-07.
  20. Julian Berton (29 January 2019). "Get involved with SEEK's $10K Bug Bounty Program". medium.com. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  21. "Reporting Security Vulnerabilities". seek.com.au. Retrieved 2021-07-07.
  22. Joel Khalili (16 July 2020). "Calling all ethical VPN hackers: ExpressVPN launches new-look bug bounty program". techradar.com. TechRadar. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  23. Aaron Boyd (24 October 2018). "DOD Invests $34 Million in Hack the Pentagon Expansion". nextgov.com. Archived from the original on 26 November 2020. Retrieved 2021-07-07.
  24. Lauren Knausenberger (21 May 2020). "Leading innovation in the US Air Forces". businesschief.com. Archived from the original on 7 July 2021.
  25. Gallagher, Sean (2 August 2018). "New open source effort: Legal code to make reporting security bugs safer". Ars Technica. Retrieved 17 October 2023.
  26. Haworth, Jessica (14 August 2018). "Open source Disclose.io framework bridges legal gap in bug reporting". The Daily Swig. PortSwigger Web Security. Retrieved 17 October 2023.
  27. "Top 10 cybersecurity online courses for 2021". techtarget.com. TechTarget. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  28. "Bugcrowd University Opens Its Doors to the Crowd". Bugcrowd. 8 August 2018. Retrieved 17 October 2023.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.