Request a Demo Contact Us

How a Fully Managed Bug Bounty Program Keeps InVision Secure

“Switching to a managed program with Bugcrowd reduced our required time and effort by at least 80% allowing us to not only focus on what matters the most, implementing the remediations, but also freeing up our security team to focus on other components of our security program.”

- Johnathan Hunt, Vice President, Information Security
Products

Managed Bug Bounty

Industry

Technology
Computer Software
Internet

  • Challenge

    • With an expanding attack surface and so many channels for vulnerability detection, simply maintaining continuous vulnerability assessment while juggling every other security function had become a real challenge.
    • InVision recognized that even with the multitude of application security tools and services available, small and large companies alike were being compromised. Clearly, companies are at an unfair advantage when it comes to keeping up with their adversaries.
  • Outcomes

    Bugcrowd’s fully managed solutions offered them an opportunity to offload much of that work and focus on more sensitive areas within their application security organization.

About InVision

InVision, the award-winning product design collaboration platform, prioritizes product security with a robust approach to vulnerability management. To stay ahead of malicious attackers, InVision has implemented a suite of industry leading security tools and practices such as web application firewalls, regular vulnerability scans, third-party penetration tests and more. Still, they recognized with the innovation and evolving techniques of nefarious outsiders, they were fighting a losing battle that was leaving their applications potentially vulnerable. They needed a better solution.

  • With an expanding attack surface and so many channels for vulnerability detection, simply maintaining continuous vulnerability assessment while juggling every other security function had become a real challenge.
  • InVision recognized that even with the multitude of application security tools and services available, small and large companies alike were being compromised. Clearly, companies are at an unfair advantage when it comes to keeping up with their adversaries.

The Value of Managed Bug Bounty Programs


InVision initially launched a self-managed bug bounty program to meet those challenges but quickly became overwhelmed with managing the volume of submissions–from communicating with researchers and replicating vulnerabilities to coordinating development time and effort to deploy solutions. Bugcrowd’s fully managed solutions offered them an opportunity to offload much of that work and focus on more sensitive areas within their application security organization.

Switching to a managed program with Bugcrowd reduced our required time and effort by at least 80% allowing us to not only focus on what matters the most, implementing the remediations, but also freeing up our security team to focus on other components of our security program.

Johnathan Hunt, Vice President, Information Security

Improved Their Team’s Efficiency

Bugcrowd’s platform and team of experts provide bug triage, validation, de-duplication, while also recommending prioritizations and handling all researcher communication.

This management has reduced InVision’s time and resource requirements by at least 80% and has optimized their security and engineering teams’ time to remediate issues faster and focus on other organizational priorities.

Enhanced InVision’s Security Posture

The InVision bug bounty program consistently provides a wide array of submissions as well as high-quality findings.

Through this 24/7 coverage, the opportunities at finding critical, hidden holes are significantly improved. It also aligns more closely with their development cycles and helps their engineering teams identify and prevent recurring secure coding issues.

Subscribe for updates

Get Started with Bugcrowd

Hackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture.