We’re excited to announce a significant step forward in our partnership with Bolt—Bolt has officially launched a public bug bounty program. This move will enable Bolt to tap into the collective intelligence of the global hacker community to further enhance the safety and reliability of its shared mobility platform.

 

Get to know Bolt

For those unfamiliar, Bolt is the European global shared mobility platform with over 200 million lifetime customers across 50 countries and over 600 cities in Europe and Africa. Its mission is to “Make cities for people, not cars” by offering convenient alternatives for every need a private car serves, from ride-hailing and shared vehicles to scooter rentals and food and grocery delivery. Security is paramount to maintaining the trust of its users and ensuring the integrity of its services.

Before partnering with Bugcrowd, Bolt faced several key security challenges. These included a lack of initial triaging capabilities to effectively manage the validity and quality of security submissions, limited outreach to connect with capable hackers, difficulties in managing the entire submission funnel, and the absence of a streamlined payout system for hackers.

 

Bolt’s experience with Bugcrowd

Almost five years ago, Bolt launched a private bug bounty program through the Bugcrowd Platform. Its motivation to partner with Bugcrowd stemmed from a need for robust support and a platform that could address these challenges.

“The fantastic and personalized support from the Bugcrowd team has been instrumental in ensuring the smooth operation of our bug bounty program,” Allar Lauk, Cybersecurity Engineer at Bolt, said. “The Bugcrowd Platform helps us connect with high-quality hackers through their extensive network and user-friendly interface. Through Bugcrowd, we have full control of the funnel for hackers to submit their findings. Submissions are triaged by Bugcrowd and their customizable system makes for easy and efficient payouts.”

Since implementing a private bug bounty engagement, Bolt has experienced several key benefits. The partnership fosters a great flow of ideas and open communication between the two teams. Bugcrowd provides a tailor-made and sustainable approach to managing Bolt’s bug bounty program. “The tips and suggestions from the Bugcrowd team have been invaluable in helping us continuously improve our program. Importantly, Bugcrowd’s initial triaging and communication efforts filter out irrelevant submissions, allowing us to prioritize critical risks and vulnerabilities and make more informed decisions about our applications’ security,” Lauk said.

Bolt measures the success of its Bugcrowd program through key metrics such as the number of vulnerabilities found and the time it takes to remediate them. The insights gained through the program have significantly improved the company’s security posture by expanding its reach to a wider pool of talented hackers. This increased engagement leads to the discovery of higher-quality vulnerabilities. “Our bug bounty program has strengthened our security posture by highlighting areas for improvement and providing a better overall understanding of our security landscape, ultimately enabling Bolt to make higher-quality security choices in the future,” Lauk said.

“We’ve already seen tangible business benefits from our work with Bugcrowd, including reduced risk and the identification of important vulnerabilities before they could be exploited in the wild,” Lauk said. “Partnering with Bugcrowd has been crucial in enhancing our overall security posture and risk management strategy by connecting us with a broader range of security expertise.”

 

Future goals and growth

As Bolt takes the exciting step forward by making its bug bounty program public, its long-term goals include attracting the best hackers, refining its program to minimize low-quality submissions, and increasing the visibility of its program to ensure that all critical security issues are easily reported.

Calling all hackers—the Bolt program is officially live! Dive in and start hacking on the program today.

 

Bugcrowd at InfoSec

Come visit us at InfoSecurity Europe this week at ExCel London. We’ll be at Stand F110. Come by and learn about ways you can find and fix vulnerabilities faster, like Bolt, with crowdsourced security testing and intelligence from Bugcrowd.