Dark Reading

New Enterprise Enhancements to Bugcrowd Platform Deliver Access to Skilled Security Talent and More

SAN FRANCISCO, Feb. 24, 2020 /PRNewswire/ -- RSA -- Bugcrowd, the #1 crowdsourced security company, today announced several platform enhancements to help customers gain global access to the right talent for every security threat, easily secure their entire attack surface, and deliver clear ROI for their security investments. With these latest enhancements, Bugcrowd continues to redefine the future of engagement for security services and enhance customers' security posture.

Today's security teams are drowning in solutions that were never built to adapt as an organization and its threat landscape mature. Bugcrowd offers crowdsourced security on the customer's terms. By codifying all the unique services needed to quickly match and manage the right security skills on-demand, the Bugcrowd platform enables customers to infuse crowdsourced security anywhere throughout their existing security lifecycles - even if that changes year-to-year, or day-to-day.

With a skills gap of 62%, the global cybersecurity workforce needs to grow by 145%. Enterprises are scrambling to access security talent with focused expertise that is in alignment with their growing threat landscape. Bugcrowd continues to measure and prioritize researcher skills and trust by leveraging data through CrowdMatch™, a sophisticated talent sourcing engine indexed by historical performance and externally enriched data. Today, the company takes its signature researcher matching capabilities further with new third-party integrations and program availability options:

  • By tapping into more publicly available sources of researcher skills and performance, customers will benefit from faster deployment of a wider range of security skills with more relevant experience to their unique security concerns.
  • Researchers on the Bugcrowd platform can now preview, join, or be waitlisted for private programs once customer-defined requirements are met.

"Roughly 80% of crowdsourced security programs today are private," said Mark Milani, global head of product and engineering at Bugcrowd. "With joinable programs and updates to CrowdMatch, we're broadening the availability of private programs to researchers, matching the right talent to any security problem, and redefining the future of engagement for crowdsourced security. This delivers the highest ROI and fastest way to find and fix security vulnerabilities across the entire attack surface."

A fast-expanding attack surface, continued migration of business systems to the cloud, and enterprises' uncertainty about how best to defend themselves against threats are leading them to seek expanded coverage and flexibility. Bugcrowd has doubled down on its focus to ensure rapid and infinite program scaling by offering:

  • Increased visibility: users of Bugcrowd's Attack Surface Management solution report up to a 97% reduction in unknown attack surface.
  • Increased control: more oversight over multiple programs and the ability to spin up on-demand programs through a simple wizard which defaults to proven Bugcrowd best practices.
  • Increased access: CrowdMatch democratizes access to researchers with the best skills to help enterprises find high-impact vulnerabilities first and provide contextual intelligence so they can fix faster. Industries like FinServ, Telecommunications, and IoT, report their first critical submission in under 1.6 days on average.

Whether they know it or not, 85% of businesses have experienced a security breach and it has now become a boardroom discussion. To help CISOs better manage budget and maximize program impact to stakeholders on their overall security posture, Bugcrowd has also introduced two new in-platform reports that can easily be shared with all stakeholders:

  • Security Posture report: identifies the vulnerabilities within an organization's technology stack against industry benchmarks and prioritizes areas of improvement.
  • Health and Spend report: captures program performance and spending patterns as well as context-aware recommendations for program improvements.

"Bugcrowd has completely disrupted the traditional penetration testing and vulnerability assessment market," said Joan Pepin, CSO at Auth0. "It has become increasingly clear that the center of gravity has shifted to their crowdsourced security platform and solutions, and they have proven to be the most effective way to find security issues in our stack. Bugcrowd has quickly become a valuable partner and an essential component of moving security left into the software development lifecycle."

"We're increasingly investing resources to firm up the security of our systems and products, and partnering with Bugcrowd to uncover priority vulnerabilities in our known, critical assets, is part of this important investment," said Eric Johnson, SVP and CIO at SurveyMonkey. "Their latest platform enhancements have multiplied our ROI by rapidly plugging the power of their Crowd into our diverse security lifecycle. With immediate access to the right skills for our ever-evolving security use cases, we've gained better insight into the health of our technology ecosystem."

Leading companies around the world, including Mastercard, Atlassian, Fitbit, HP, Motorola, Jet.com, Square, and Twilio trust Bugcrowd for Bug Bounty, Vulnerability Disclosure, Next Gen Pen Test, and Attack Surface Management programs. For a list of public programs, visit bugcrowd.com/programs. To read customer stories, visit bugcrowd.com/customers.


About Bugcrowd
Bugcrowd is the #1 crowdsourced security company. More Fortune 500 organizations trust Bugcrowd to manage their Bug Bounty, Vulnerability Disclosure, Next Gen Pen Test, and Attack Surface Management programs. Bugcrowd's award-winning platform combines actionable, contextual intelligence with the skill and experience of the world's most elite hackers to help leading organizations identify and fix vulnerabilities, protect customers, and make the digitally connected world a safer place. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Learn more at www.bugcrowd.com.

Lisa Bergamo
Bugcrowd, Inc.
[email protected]

SOURCE Bugcrowd
