2/24/2020
10:45 AM
Dark Reading
Products and Releases

New Enterprise Enhancements to Bugcrowd Platform Deliver Access to Skilled Security Talent and More

SAN FRANCISCO, Feb. 24, 2020 /PRNewswire/ -- RSA -- Bugcrowd, the #1 crowdsourced security company, today announced several platform enhancements to help customers gain global access to the right talent for every security threat, easily secure their entire attack surface, and deliver clear ROI for their security investments. With these latest enhancements, Bugcrowd continues to redefine the future of engagement for security services and enhance customers' security posture.

Today's security teams are drowning in solutions that were never built to adapt as an organization and its threat landscape mature. Bugcrowd offers crowdsourced security on the customer's terms. By codifying all the unique services needed to quickly match and manage the right security skills on-demand, the Bugcrowd platform enables customers to infuse crowdsourced security anywhere throughout their existing security lifecycles - even if that changes year-to-year, or day-to-day.

With a skills gap of 62%, the global cybersecurity workforce needs to grow by 145%. Enterprises are scrambling to access security talent with focused expertise that is in alignment with their growing threat landscape. Bugcrowd continues to measure and prioritize researcher skills and trust by leveraging data through CrowdMatch™, a sophisticated talent sourcing engine indexed by historical performance and externally enriched data. Today, the company takes its signature researcher matching capabilities further with new third-party integrations and program availability options:

  • By tapping into more publicly available sources of researcher skills and performance, customers will benefit from faster deployment of a wider range of security skills with more relevant experience to their unique security concerns.
  • Researchers on the Bugcrowd platform can now preview, join, or be waitlisted for private programs once customer-defined requirements are met.

"Roughly 80% of crowdsourced security programs today are private," said Mark Milani, global head of product and engineering at Bugcrowd. "With joinable programs and updates to CrowdMatch, we're broadening the availability of private programs to researchers, matching the right talent to any security problem, and redefining the future of engagement for crowdsourced security. This delivers the highest ROI and fastest way to find and fix security vulnerabilities across the entire attack surface."

A fast-expanding attack surface, continued migration of business systems to the cloud, and uncertainty about how best to defend themselves against threats are leading enterprises to seek expanded coverage and flexibility. Bugcrowd has doubled down on its focus to ensure rapid and infinite program scaling by offering:

  • Increased visibility: users of Bugcrowd's Attack Surface Management solution report up to a 97% reduction in unknown attack surface.
  • Increased control: more oversight over multiple programs and the ability to spin up on-demand programs through a simple wizard that defaults to proven Bugcrowd best practices.
  • Increased access: CrowdMatch democratizes access to researchers with the best skills to help enterprises find high-impact vulnerabilities first and provide contextual intelligence so they can fix faster. Industries like FinServ, Telecommunications, and IoT report their first critical submission in under 1.6 days on average.

Whether they know it or not, 85% of businesses have experienced a security breach and it has now become a boardroom discussion. To help CISOs better manage budget and maximize program impact to stakeholders on their overall security posture, Bugcrowd has also introduced two new in-platform reports that can easily be shared with all stakeholders:

  • Security Posture report: identifies the vulnerabilities within an organization's technology stack against industry benchmarks and prioritizes areas of improvement.
  • Health and Spend report: captures program performance and spending patterns as well as context-aware recommendations for program improvements.

"Bugcrowd has completely disrupted the traditional penetration testing and vulnerability assessment market," said Joan Pepin, CSO at Auth0. "It has become increasingly clear that the center of gravity has shifted to their crowdsourced security platform and solutions, and they have proven to be the most effective way to find security issues in our stack. Bugcrowd has quickly become a valuable partner and an essential component of moving security left into the software development lifecycle."

"We're increasingly investing resources to firm up the security of our systems and products, and partnering with Bugcrowd to uncover priority vulnerabilities in our known, critical assets, is part of this important investment," said Eric Johnson, SVP and CIO at SurveyMonkey. "Their latest platform enhancements have multiplied our ROI by rapidly plugging the power of their Crowd into our diverse security lifecycle. With immediate access to the right skills for our ever-evolving security use cases, we've gained better insight into the health of our technology ecosystem."

Leading companies around the world, including Mastercard, Atlassian, Fitbit, HP, Motorola, Jet.com, Square, and Twilio trust Bugcrowd for Bug Bounty, Vulnerability Disclosure, Next Gen Pen Test, and Attack Surface Management programs. For a list of public programs, visit bugcrowd.com/programs. To read customer stories, visit bugcrowd.com/customers.

About Bugcrowd
Bugcrowd is the #1 crowdsourced security company. More Fortune 500 organizations trust Bugcrowd to manage their Bug Bounty, Vulnerability Disclosure, Next Gen Pen Test, and Attack Surface Management programs. Bugcrowd's award-winning platform combines actionable, contextual intelligence with the skill and experience of the world's most elite hackers to help leading organizations identify and fix vulnerabilities, protect customers, and make the digitally connected world a safer place. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Learn more at www.bugcrowd.com.

Contact:
Lisa Bergamo
Bugcrowd, Inc.
[email protected]

SOURCE Bugcrowd

Related Links

http://www.bugcrowd.com
