Jump to content

Bugcrowd

From Wikipedia, the free encyclopedia
Bugcrowd
Company typePrivate
IndustryCybersecurity
Founded2012
FoundersCasey Ellis, Chris Raethke, Sergei Belokamen
HeadquartersSan Francisco, California and Australia
Key people
  • David Gerry (CEO)
  • Casey Ellis (Founder, Chief Strategy Officer)
  • Nick McKenzie (CI&SO)
  • Robert Taccini (CFO)
Websitebugcrowd.com

Bugcrowd is a crowdsourced security platform.[1][2][3] It was founded in 2012, and in 2019 it was one of the largest bug bounty and vulnerability disclosure companies on the internet.[4] Bugcrowd runs bug bounty programs and also offers a range of penetration testing services it refers to as "Penetration Testing as a Service" (PTaaS), as well as attack surface management.[5][6][7]

History

[edit]

Bugcrowd was founded in Sydney, Australia in 2012. As of 2018, its main headquarters is in San Francisco, with other offices in Sydney and London.[8]

In May 2024, Bugcrowd acquired attack surface management company, Informer.[9]

Funding

[edit]

Bugcrowd has raised a total of $78.7 million in funding over 6 rounds. Their seed funding started in 2013 to increase their 3000 vetted security testers.[10] This seed funding was primarily led by Rally Ventures and they were able to raise $1.6 million.[10]

Series A funding round took place in 2015 and was led by Costanoa Ventures, raising $6 million.[11]

Blackbird Ventures led funding for their Series B round with $15 million raised in April 2016.[12][13]

In March 2018, it secured $26 million in a Series C funding round led by Triangle Peak Partners.[14]

Bugcrowd announced Series D funding in April 2020 of $30 million led by previous investor Rally Ventures.[15][16]

Clients

[edit]

As of 2020, Bugcrowd worked with 65 industries across 29 countries.[16] Their clients have included Tesla, Atlassian, Fitbit, Square, Mastercard, Amazon and eBay.[17][5]

Bugcrowd's first partner in the financial industry was Western Union, in 2015. Originally a private, invite-only program, it was later opened to the public, with rewards varying between $100 and $5000 depending on the bug.[18] In 2020, Bugcrowd helped National Australia Bank become one of the first banks in Australia to launch a bug bounty.[19]

Samsung has also worked with Bugcrowd, rewarding a total of over $2 million in rewards to those who found bugs in Samsung's security.[20]

Job platform Seek has been using Bugcrowd since 2019 with the highest reward from their bug bounty program being $10,000.[21][22]

In 2020, ExpressVPN worked with Bugcrowd, awarding $100 to $2500 depending on the severity of the vulnerabilities that were found, with 21 critical findings identified.[23]

Bugcrowd also runs programs for the U.S. DOD, the Air Force and DDS.[24][25]

Other projects

[edit]

In 2018, Bugcrowd and CipherLaw's Open Source Vulnerability Disclosure Framework, together with the #LegalBugBounty project, created the open-source project disclose.io, which aims to create an open-source standard for bug bounties and vulnerability disclosures to help hackers and organizations work together to make the Internet safer.[26][27]

The company also runs Bugcrowd University, which provides educational resources to help the public learn how to code, find bugs in security systems and patch them.[28][29]

References

[edit]
  1. ^ "Hackers Receive $500,000 in One Week via Bugcrowd". SecurityWeek.Com. 11 November 2019. Archived from the original on March 22, 2020. Retrieved March 22, 2020.
  2. ^ "HackerOne connects hackers with companies and hopes for a win-win". The New York Times. June 7, 2015. Archived from the original on June 11, 2015. Retrieved October 28, 2015.
  3. ^ "Here's the Netflix account compromise Bugcrowd doesn't want you to know about". Ars Technica. Archived from the original on March 22, 2020. Retrieved March 22, 2020.
  4. ^ "TechCrunch is now a part of Verizon Media". techcrunch.com. 31 May 2019. Archived from the original on March 28, 2020. Retrieved March 22, 2020.
  5. ^ a b "Top 5 Bug Bounty Platforms to Watch in 2021". thehackernews.com. 8 February 2021. Archived from the original on 7 July 2021.
  6. ^ "Penetration Testing as a Service". Bugcrowd. Retrieved 17 October 2023.
  7. ^ "Attack Surface Management". Bugcrowd. Retrieved 17 October 2023.
  8. ^ Michael Bailey (5 March 2018). "Aussie cyber security bounty hunter Bugcrowd has big plans after $33m round". afr.com. Australian Financial Review. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  9. ^ Lunden, Ingrid (May 23, 2024). "Bugcrowd, the crowdsourced white-hat hacker platform, acquires Informer to ramp up its security chops". Techcrunch.
  10. ^ a b Mahesh Sharma (4 September 2013). "Bugcrowd Raises $1.6 Million To Expand Bug Bounty Marketplace". techcrunch.com. TechCrunch. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  11. ^ "Bugcrowd Raises $6 Million In Series A Funding To Further Accelerate Enterprise Adoption Of Crowdsourced Security". prnewswire.com. PR Newswire. 12 March 2015. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  12. ^ Ben Kepes (20 April 2016). "Bugcrowd raises cash because of the power of the people". networkworld.com. Network World. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  13. ^ Sean Sposito (20 April 2016). "Amid bug bounty appeal, Bugcrowd raises Series B". sfgate.com. San Francisco Chronicle. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  14. ^ "Bugcrowd Raises $26 Million to Expand Vulnerability Hunting Business". SecurityWeek.Com. March 2018. Archived from the original on March 22, 2020. Retrieved March 22, 2020.
  15. ^ "Bugcrowd raises $30M in Series D to expand its bug bounty platform". TechCrunch. 9 April 2020. Retrieved 2021-01-09.
  16. ^ a b Zack Whittaker (9 April 2020). "Bugcrowd raises $30M in Series D to expand its bug bounty platform". techcrunch.com. TechCrunch. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  17. ^ Zaid Shoorbajee (1 March 2018). "Bugcrowd raises $26 million in latest funding round". cyberscoop.com. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  18. ^ "Bugcrowd Enters Financial Sector, Announces Managed Bug Bounty Program for Western Union". prnewswire.com. PR Newswire. 11 March 2015. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  19. ^ "NAB LAUNCHES CYBER BUG BOUNTY PROGRAM". news.nab.com.au. National Australia Bank. 25 September 2020. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  20. ^ "Bugcrowd's Crowdsourced Cybersecurity Platform Helps Pay Over $2M to Researchers for Samsung Mobile Rewards Program". darkreading.com. 17 November 2020. Archived from the original on 2 December 2020. Retrieved 2021-07-07.
  21. ^ Julian Berton (29 January 2019). "Get involved with SEEK's $10K Bug Bounty Program". medium.com. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  22. ^ "Reporting Security Vulnerabilities". seek.com.au. Retrieved 2021-07-07.
  23. ^ Joel Khalili (16 July 2020). "Calling all ethical VPN hackers: ExpressVPN launches new-look bug bounty program". techradar.com. TechRadar. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  24. ^ Aaron Boyd (24 October 2018). "DOD Invests $34 Million in Hack the Pentagon Expansion". nextgov.com. Archived from the original on 26 November 2020. Retrieved 2021-07-07.
  25. ^ Lauren Knausenberger (21 May 2020). "Leading innovation in the US Air Forces". businesschief.com. Archived from the original on 7 July 2021.
  26. ^ Gallagher, Sean (2 August 2018). "New open source effort: Legal code to make reporting security bugs safer". Ars Technica. Retrieved 17 October 2023.
  27. ^ Haworth, Jessica (14 August 2018). "Open source Disclose.io framework bridges legal gap in bug reporting". The Daily Swig. PortSwigger Web Security. Retrieved 17 October 2023.
  28. ^ "Top 10 cybersecurity online courses for 2021". techtarget.com. TechTarget. Archived from the original on 7 July 2021. Retrieved 2021-07-07.
  29. ^ "Bugcrowd University Opens Its Doors to the Crowd". Bugcrowd. 8 August 2018. Retrieved 17 October 2023.
[edit]