Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

10:45 AM
Dark Reading
Dark Reading
Products and Releases

New Enterprise Enhancements to Bugcrowd Platform Deliver Access to Skilled Security Talent and More

SAN FRANCISCO, Feb. 24, 2020 /PRNewswire/ -- RSA -- Bugcrowd, the #1 crowdsourced security company, today announced several platform enhancements to help customers gain global access to the right talent for every security threat, easily secure their entire attack surface, and deliver clear ROI for their security investments. With these latest enhancements, Bugcrowd continues to redefine the future of engagement for security services and enhance customers' security posture.

Today's security teams are drowning in solutions that were never built to adapt as an organization and threat landscape matures. Bugcrowd offers crowdsourced security on the customer's terms. By codifying all the unique services needed to quickly match and manage the right security skills on-demand, the Bugcrowd platform enables customers to infuse crowdsourced security anywhere throughout their existing security lifecycles - even if that changes year-to-year, or day-to-day.

With a skills gap of 62%, the global cybersecurity workforce needs to grow by 145%. Enterprises are scrambling to access security talent with focused expertise that is in alignment with their growing threat landscape. Bugcrowd continues to measure and prioritize researcher skills and trust by leveraging data through CrowdMatch™, a sophisticated talent sourcing engine indexed by historical performance and externally enriched data. Today, the company takes its signature researcher matching capabilities further with new third-party integrations and program availability options:

  • By tapping into more publicly available sources of researcher skills and performance, customers will benefit from faster deployment of a wider range of security skills with more relevant experience to their unique security concerns.
  • Researchers on the Bugcrowd platform can now preview, join, or be waitlisted for private programs once customer-defined requirements are met.

"Roughly 80% of crowdsourced security programs today are private," said Mark Milani, global head of product and engineering at Bugcrowd. "With joinable programs and updates to CrowdMatch, we're broadening the availability of private programs to researchers, matching the right talent to any security problem, and redefining the future of engagement for crowdsourced security. This delivers the highest ROI and fastest way to find and fix security vulnerabilities across the entire attack surface."

A fast-expanding attack surface, continued migration of business systems to the cloud, and enterprises' uncertainty in how to best defend themselves against threats, are leading them to seek expanded coverage and flexibility. Bugcrowd has doubled down on its focus to ensure rapid and infinite program scaling by offering:

  • Increased visibility: users of Bugcrowd's Attack Surface Management solution report up to a 97% reduction in unknown attack surface.
  • Increased control: more oversight over multiple programs and the ability to spin up on-demand programs through a simple wizard which defaults to proven Bugcrowd best practices
  • Increased access: CrowdMatch democratizes access to researchers with the best skills to help enterprises find high-impact vulnerabilities first and provide contextual intelligence so they can fix faster. Industries like FinServ, Telecommunications, and IoT, report their first critical submission in under 1.6 days on average.

Whether they know it or not, 85% of businesses have experienced a security breach and it has now become a boardroom discussion. To help CISOs better manage budget and maximize program impact to stakeholders on their overall security posture, Bugcrowd has also introduced two new in-platform reports that can easily be shared with all stakeholders:

  • Security Posture report: identifies the vulnerabilities within an organization's technology stack against industry benchmarks and prioritize areas of improvement.
  • Health and Spend report: captures program performance and spending patterns as well as context-aware recommendations for program improvements.

"Bugcrowd has completely disrupted the traditional penetration testing and vulnerability assessment market," said Joan Pepin, CSO at Auth0. "It has become increasingly clear that the center of gravity has shifted to their crowdsourced security platform and solutions, and they have proven to be the most effective way to find security issues in our stack. Bugcrowd has quickly become a valuable partner and an essential component of moving security left into the software development lifecycle."

"We're increasingly investing resources to firm up the security of our systems and products, and partnering with Bugcrowd to uncover priority vulnerabilities in our known, critical assets, is part of this important investment," said Eric Johnson, SVP and CIO at SurveyMonkey. "Their latest platform enhancements have multiplied our ROI by rapidly plugging the power of their Crowd into our diverse security lifecycle. With immediate access to the right skills for our ever-evolving security use cases, we've gained better insight into the health of our technology ecosystem."

Leading companies around the world, including Mastercard, Atlassian, Fitbit, HP, Motorola, Jet.com, Square, and Twilio trust Bugcrowd for Bug Bounty, Vulnerability Disclosure, Next Gen Pen Test, and Attack Surface Management programs. For a list of public programs, visit bugcrowd.com/programs. To read customer stories, visit bugcrowd.com/customers.

Additional Resources:

About Bugcrowd
Bugcrowd is the #1 crowdsourced security company. More Fortune 500 organizations trust Bugcrowd to manage their Bug Bounty, Vulnerability Disclosure, Next Gen Pen Test, and Attack Surface Management programs. Bugcrowd's award-winning platform combines actionable, contextual intelligence with the skill and experience of the world's most elite hackers to help leading organizations identify and fix vulnerabilities, protect customers, and make the digitally connected world a safer place. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Learn more at www.bugcrowd.com.

Lisa Bergamo
Bugcrowd, Inc.
[email protected]

SOURCE Bugcrowd

Related Links


Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Can you smell me now?
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.