2/24/2020
10:45 AM
Dark Reading

New Enterprise Enhancements to Bugcrowd Platform Deliver Access to Skilled Security Talent and More

SAN FRANCISCO, Feb. 24, 2020 /PRNewswire/ -- RSA -- Bugcrowd, the #1 crowdsourced security company, today announced several platform enhancements to help customers gain global access to the right talent for every security threat, easily secure their entire attack surface, and deliver clear ROI for their security investments. With these latest enhancements, Bugcrowd continues to redefine the future of engagement for security services and enhance customers' security posture.

Today's security teams are drowning in solutions that were never built to adapt as an organization and threat landscape mature. Bugcrowd offers crowdsourced security on the customer's terms. By codifying all the unique services needed to quickly match and manage the right security skills on-demand, the Bugcrowd platform enables customers to infuse crowdsourced security anywhere throughout their existing security lifecycles - even if that changes year-to-year, or day-to-day.

With a skills gap of 62%, the global cybersecurity workforce needs to grow by 145%. Enterprises are scrambling to access security talent with focused expertise that is in alignment with their growing threat landscape. Bugcrowd continues to measure and prioritize researcher skills and trust by leveraging data through CrowdMatch™, a sophisticated talent sourcing engine indexed by historical performance and externally enriched data. Today, the company takes its signature researcher matching capabilities further with new third-party integrations and program availability options:

  • By tapping into more publicly available sources of researcher skills and performance, customers will benefit from faster deployment of a wider range of security skills with more relevant experience to their unique security concerns.
  • Researchers on the Bugcrowd platform can now preview, join, or be waitlisted for private programs once customer-defined requirements are met.

"Roughly 80% of crowdsourced security programs today are private," said Mark Milani, global head of product and engineering at Bugcrowd. "With joinable programs and updates to CrowdMatch, we're broadening the availability of private programs to researchers, matching the right talent to any security problem, and redefining the future of engagement for crowdsourced security. This delivers the highest ROI and fastest way to find and fix security vulnerabilities across the entire attack surface."

A fast-expanding attack surface, continued migration of business systems to the cloud, and enterprises' uncertainty about how best to defend themselves against threats are leading them to seek expanded coverage and flexibility. Bugcrowd has doubled down on its focus to ensure rapid and infinite program scaling by offering:

  • Increased visibility: users of Bugcrowd's Attack Surface Management solution report up to a 97% reduction in unknown attack surface.
  • Increased control: more oversight over multiple programs and the ability to spin up on-demand programs through a simple wizard which defaults to proven Bugcrowd best practices.
  • Increased access: CrowdMatch democratizes access to researchers with the best skills to help enterprises find high-impact vulnerabilities first and provide contextual intelligence so they can fix faster. Industries like FinServ, Telecommunications, and IoT report their first critical submission in under 1.6 days on average.

Whether they know it or not, 85% of businesses have experienced a security breach and it has now become a boardroom discussion. To help CISOs better manage budget and maximize program impact to stakeholders on their overall security posture, Bugcrowd has also introduced two new in-platform reports that can easily be shared with all stakeholders:

  • Security Posture report: identifies the vulnerabilities within an organization's technology stack against industry benchmarks and prioritizes areas of improvement.
  • Health and Spend report: captures program performance and spending patterns as well as context-aware recommendations for program improvements.

"Bugcrowd has completely disrupted the traditional penetration testing and vulnerability assessment market," said Joan Pepin, CSO at Auth0. "It has become increasingly clear that the center of gravity has shifted to their crowdsourced security platform and solutions, and they have proven to be the most effective way to find security issues in our stack. Bugcrowd has quickly become a valuable partner and an essential component of moving security left into the software development lifecycle."

"We're increasingly investing resources to firm up the security of our systems and products, and partnering with Bugcrowd to uncover priority vulnerabilities in our known, critical assets, is part of this important investment," said Eric Johnson, SVP and CIO at SurveyMonkey. "Their latest platform enhancements have multiplied our ROI by rapidly plugging the power of their Crowd into our diverse security lifecycle. With immediate access to the right skills for our ever-evolving security use cases, we've gained better insight into the health of our technology ecosystem."

Leading companies around the world, including Mastercard, Atlassian, Fitbit, HP, Motorola, Jet.com, Square, and Twilio trust Bugcrowd for Bug Bounty, Vulnerability Disclosure, Next Gen Pen Test, and Attack Surface Management programs. For a list of public programs, visit bugcrowd.com/programs. To read customer stories, visit bugcrowd.com/customers.

About Bugcrowd
Bugcrowd is the #1 crowdsourced security company. More Fortune 500 organizations trust Bugcrowd to manage their Bug Bounty, Vulnerability Disclosure, Next Gen Pen Test, and Attack Surface Management programs. Bugcrowd's award-winning platform combines actionable, contextual intelligence with the skill and experience of the world's most elite hackers to help leading organizations identify and fix vulnerabilities, protect customers, and make the digitally connected world a safer place. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Learn more at www.bugcrowd.com.

Contact:
Lisa Bergamo
Bugcrowd, Inc.
[email protected]

SOURCE Bugcrowd

Related Links

http://www.bugcrowd.com

 
