Crowdsourced security provides a valuable opportunity for organizations to up-level their security posture through the collective power of the researcher community. But it can be a daunting endeavor for many. At Bugcrowd, we’ve developed a process that can ensure full-scale security coverage that truly integrates with our customers’ Security Development Lifecycle (SDLC). Zilliqa is a great example of how crowdsourced security can help an organization strengthen its security posture while continuing to lead the way as an industry leader in blockchain technology.

Zilliqa, a high-performance, high-security blockchain platform for enterprises and next-generation applications, has a very strong approach to blockchain implementation and security. With Zilliqa’s mission of becoming the blockchain infrastructure of choice for future enterprises and decentralized applications, their commitment to building an ecosystem with the right enterprise partners and blockchain projects is key in supporting organizational growth and enhancing their commitment to security. 

“Founded by a team of academics, security researchers and cybersecurity experts, our emphasis on security is well-known across the industry and community, and is the foundation for our growth as an organization,” said Jun Hao Tan, Senior VP, Security and Platform Engineering at Zilliqa.

With growth and scalability in mind, Zilliqa partnered with Bugcrowd to launch a bug bounty program, engaging the power of the crowd and providing them with a channel for receiving vulnerability submissions from anyone in the world. 

With Bugcrowd, Zilliqa has:

  • Comprehensive security coverage across its infrastructure
  • A systematic way for security researchers to report bugs in a single platform
  • An incentive mechanism for security researchers to proactively look for security vulnerabilities 
  • High turn-around time for triaging and fixing vulnerabilities with the support of Bugcrowd’s security engineers

Jun Hao Tan explained that “upon launching the private phase of our bug bounty program, many of the security bugs/vulnerabilities were found and fixed during this initial phase. This allowed us to move quickly and continue to evolve in a way that did not leave us vulnerable.”

Bugcrowd’s partnership with Zilliqa has enabled them to engage an even wider audience to help with code review in the wild. With the manpower of the crowd, they have found vulnerabilities that they would otherwise have missed. Bugcrowd has not only helped them optimize their network security to a greater standard, which is essential to the long-term sustainability of their network, but also helped them build credibility with their community members and prospective partners.
