Company:Bugcrowd

From HandWiki
Bugcrowd
TypePrivate
IndustryCybersecurity
Founded2012
FoundersCasey Ellis, Chris Raethke, Sergei Belokamen
HeadquartersSan Francisco, California and Australia
Key people
  • David Gerry (CEO)
  • Casey Ellis (Founder, Chief Strategy Officer)
  • Nick McKenzie (CI&SO)
  • Robert Taccini (CFO)
Websitebugcrowd.com

Bugcrowd is a crowdsourced security platform.[1][2][3] It was founded in 2012, and in 2019 it was one of the largest bug bounty and vulnerability disclosure companies on the internet.[4] Bugcrowd runs bug bounty programs and also offers a range of penetration testing services it refers to as "Penetration Testing as a Service" (PTaaS), as well as attack surface management.[5][6][7]

History

Bugcrowd was founded in Sydney, Australia in 2012. (As of 2018), its main headquarters is in San Francisco , with other offices in Sydney and London.[8]

Funding

Bugcrowd has raised a total of $78.7 million in funding over 6 rounds. Their seed funding started in 2013 to increase their 3000 vetted security testers.[9] This seed funding was primarily led by Rally Ventures and they were able to raise $1.6 million.[9]

Series A funding round took place in 2015 and was led by Costanoa Ventures, raising $6 million.[10]

Blackbird Ventures led funding for their Series B round with $15 million raised in April 2016.[11][12]

In March 2018, it secured $26 million in a Series C funding round led by Triangle Peak Partners.[13]

Bugcrowd announced Series D funding in April 2020 of $30 million led by previous investor Rally Ventures.[14][15]

Clients

(As of 2020), Bugcrowd worked with 65 industries across 29 countries.[15] Their clients have included Tesla, Atlassian, Fitbit, Square, Mastercard, Amazon and eBay.[16][5]

Bugcrowd's first partner in the financial industry was Western Union, in 2015. Originally a private, invite-only program, it was later opened to the public, with rewards varying between $100 and $5000 depending on the bug.[17] In 2020, Bugcrowd helped National Australia Bank become one of the first banks in Australia to launch a bug bounty.[18]

Samsung has also worked with Bugcrowd, rewarding a total of over $2 million in rewards to those who found bugs in Samsung's security.[19]

Job platform Seek has been using Bugcrowd since 2019 with the highest reward from their bug bounty program being $10,000.[20][21]

In 2020, ExpressVPN worked with Bugcrowd, awarding $100 to $2500 depending on the deverity of the vulnerabilities that were found, with 21 critical findings identified.[22]

Bugcrowd also runs programs for the U.S. DOD, the United States Air Force and DDS.[23][24]

Other projects

In 2018, Bugcrowd and CipherLaw's Open Source Vulnerability Disclosure Framework, together with the #LegalBugBounty project, created the open-source project disclose.io, which aims to create an open-source standard for bug bounties and vulnerability disclosures to help hackers and organizations work together to make the Internet safer.[25][26]

The company also runs Bugcrowd University, which provides educational resources to help the public learn how to code, find bugs in security systems and patch them.[27][28]

References

  1. "Hackers Receive $500,000 in One Week via Bugcrowd". 11 November 2019. https://www.securityweek.com/hackers-receive-500000-one-week-bugcrowd. Retrieved March 22, 2020. 
  2. "HackerOne connects hackers with companies and hopes for a win-win.". The New York Times. June 7, 2015. https://www.nytimes.com/2015/06/08/technology/hackerone-connects-hackers-with-companies-and-hopes-for-a-win-win.html?_r=0. 
  3. "Here's the Netflix account compromise Bugcrowd doesn't want you to know about". https://arstechnica.com/information-technology/2020/03/bugcrowd-tries-to-muzzle-hacker-who-found-netflix-account-compromise-weakness/. Retrieved March 22, 2020. 
  4. "TechCrunch is now a part of Verizon Media". 31 May 2019. https://techcrunch.com/2019/05/31/bugcrowd-crowdsourcing-cybersecurity/. Retrieved March 22, 2020. 
  5. 5.0 5.1 "Top 5 Bug Bounty Platforms to Watch in 2021" (in en). 8 February 2021. https://thehackernews.com/2021/02/top-5-bug-bounty-programs-to-watch-in.html. 
  6. "Penetration Testing as a Service". https://www.bugcrowd.com/products/pen-test-as-a-service/. 
  7. "Attack Surface Management". https://www.bugcrowd.com/products/attack-surface-management/. 
  8. Michael Bailey (5 March 2018). "Aussie cyber security bounty hunter Bugcrowd has big plans after $33m round" (in en). Australian Financial Review. https://www.afr.com/technology/aussie-cyber-security-bounty-hunter-bugcrowd-has-big-plans-after-33m-round-20180302-h0wxtr. 
  9. 9.0 9.1 Mahesh Sharma (4 September 2013). "Bugcrowd Raises $1.6 Million To Expand Bug Bounty Marketplace" (in en). TechCrunch. https://techcrunch.com/2013/09/04/bugcrowd-raises-1-6-million-to-expand-bug-bounty-marketplace/. 
  10. "Bugcrowd Raises $6 Million In Series A Funding To Further Accelerate Enterprise Adoption Of Crowdsourced Security" (in en). PR Newswire. 12 March 2015. https://www.prnewswire.com/news-releases/bugcrowd-raises-6-million-in-series-a-funding-to-further-accelerate-enterprise-adoption-of-crowdsourced-security-300049528.html. 
  11. Ben Kepes (20 April 2016). "Bugcrowd raises cash because of the power of the people" (in en). Network World. https://www.networkworld.com/article/3057271/bugcrowd-raises-cash-because-of-the-power-of-the-people.html. 
  12. Sean Sposito (20 April 2016). "Amid bug bounty appeal, Bugcrowd raises Series B" (in en). San Francisco Chronicle. https://www.sfgate.com/business/article/Amid-bug-bounty-appeal-BugCrowd-raises-Series-B-7266430.php. 
  13. "Bugcrowd Raises $26 Million to Expand Vulnerability Hunting Business". March 2018. https://www.securityweek.com/bugcrowd-raises-26-million-expand-vulnerability-hunting-business. Retrieved March 22, 2020. 
  14. "Bugcrowd raises $30M in Series D to expand its bug bounty platform" (in en-US). 9 April 2020. https://social.techcrunch.com/2020/04/09/bugcrowd-series-d/. 
  15. 15.0 15.1 Zack Whittaker (9 April 2020). "Bugcrowd raises $30M in Series D to expand its bug bounty platform" (in en). TechCrunch. https://techcrunch.com/2020/04/09/bugcrowd-series-d/?guccounter=1. 
  16. Zaid Shoorbajee (1 March 2018). "Bugcrowd raises $26 million in latest funding round" (in en). https://www.cyberscoop.com/bugcrowd-series-c-funding/. 
  17. "Bugcrowd Enters Financial Sector, Announces Managed Bug Bounty Program for Western Union" (in en). PR Newswire. 11 March 2015. https://www.prnewswire.com/news-releases/bugcrowd-enters-financial-sector-announces-managed-bug-bounty-program-for-western-union-300048497.html. 
  18. "NAB LAUNCHES CYBER BUG BOUNTY PROGRAM" (in en). National Australia Bank. 25 September 2020. https://news.nab.com.au/news_room_posts/nab-launches-cyber-bug-bounty-program/. 
  19. "Bugcrowd's Crowdsourced Cybersecurity Platform Helps Pay Over $2M to Researchers for Samsung Mobile Rewards Program" (in en). 17 November 2020. https://www.darkreading.com/mobile/bugcrowds-crowdsourced-cybersecurity-platform-helps-pay-over-$2m-to-researchers-for-samsung-mobile-rewards-program/d/d-id/1339480. 
  20. Julian Berton (29 January 2019). "Get involved with SEEK's $10K Bug Bounty Program" (in en). https://medium.com/seek-blog/get-involved-with-seeks-10k-bug-bounty-program-20933b310dca. 
  21. "Reporting Security Vulnerabilities" (in en). https://www.seek.com.au/reporting-security-vulnerabilities/. 
  22. Joel Khalili (16 July 2020). "Calling all ethical VPN hackers: ExpressVPN launches new-look bug bounty program" (in en). TechRadar. https://www.techradar.com/news/calling-all-ethical-vpn-hackers-expressvpn-launches-new-look-bug-bounty-program. 
  23. Aaron Boyd (24 October 2018). "DOD Invests $34 Million in Hack the Pentagon Expansion" (in en). https://www.nextgov.com/cybersecurity/2018/10/dod-invests-34-million-hack-pentagon-expansion/152267/. 
  24. Lauren Knausenberger (21 May 2020). "Leading innovation in the US Air Forces". https://businesschief.com/interviews/lauren-knausenberger-leading-innovation-in-the-us-air-force. 
  25. Gallagher, Sean (2 August 2018). "New open source effort: Legal code to make reporting security bugs safer" (in en-us). https://arstechnica.com/information-technology/2018/08/new-open-source-effort-legal-code-to-make-reporting-security-bugs-safer/. 
  26. Haworth, Jessica (14 August 2018). "Open source Disclose.io framework bridges legal gap in bug reporting" (in en). PortSwigger Web Security. https://portswigger.net/daily-swig/open-source-disclose-io-framework-bridges-legal-gap-in-bug-reporting. 
  27. "Top 10 cybersecurity online courses for 2021" (in en). TechTarget. https://searchsecurity.techtarget.com/tip/Top-10-cybersecurity-online-courses. 
  28. "Bugcrowd University Opens Its Doors to the Crowd". 8 August 2018. https://www.bugcrowd.com/press-release/bugcrowd-university-opens-its-doors-to-the-crowd/. 

External links