Bugcrowd has officially achieved FedRAMP Moderate Authorization, sponsored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). With this authorization, federal agencies can now rapidly engage Bugcrowd’s offensive security testing solutions to identify and remediate vulnerabilities proactively.
We sat down with Kent Wilson, VP of Public Sector, and Trey Ford, Chief Strategy and Trust Officer, to learn more about why this authorization matters to our customers, partners, and the greater community.
Why did Bugcrowd pursue a FedRAMP authorization?
What changes did Bugcrowd make to its Platform to achieve FedRAMP authorization?
“The process that Bugcrowd undertook was not simply another audit like SOC2 or ISO 27001. We re-architected Bugcrowd’s infrastructure and operations to isolate and secure government data commensurate with its impact level. FedRAMP gave us the opportunity to document and formalize so many existing processes and add new capabilities like FIPS-validated crypto and so many others. All of these capabilities have been built step-by-step and validated by advisory and audit partners. The newly architected, cloud-native version of our Platform yields security and efficiency gains for all.”
Trey Ford
How does this FedRAMP authorization impact the perception of security researchers?
“By going through the rigorous FedRAMP authorization process, we are unlocking access to the ingenuity of the global security research community on a platform meeting strict government security standards. We are providing federal teams with a disciplined, vetted, and secure environment to proactively defend their mission-critical assets with absolute confidence.”
Kent Wilson
If you’re interested in learning about some of the expert security researchers, pentesters, and red teamers on the Bugcrowd Platform, check out our guide, Get to Know the Crowd.
How does Bugcrowd’s FedRAMP authorization impact customers with data sovereignty concerns?
“To achieve FedRAMP, Bugcrowd built a modern, standardized, secured, and rigorously validated cloud-native platform into GovCloud for the US Federal Government.
While this was no small feat, Bugcrowd now has the ability to deploy this carefully architected and secured platform into other regions where customers have specific requirements or data storage, processing, or sovereignty concerns. This ensures that their customer data can be stored, processed, and accessed within specific geographic boundaries in accordance with local regulatory and policy requirements.”
How does this authorization help federal security teams keep up with the fast-paced nature of cybersecurity?
“Speed is the ultimate currency in cybersecurity, yet federal agencies have historically been bogged down by months of compliance paperwork just to access the world’s best researchers. I speak to federal security teams every day, and they want to benefit from the talent of these researchers. Instead, they were daunted by the previous 6–12-month process to gain provisional authority to work with Bugcrowd. By achieving FedRAMP Moderate, we’ve removed those barriers. Agencies can now deploy our crowdsourced platform at the speed of the threat, moving past the perimeter to secure their most mission-critical assets with absolute confidence.”
How does the Bugcrowd Platform help federal agencies overcome the cybersecurity skills gap?
“The federal ecosystem is highly challenging to secure—it is under constant threat of attacks at every level of sophistication, including advanced persistent threats from state-sponsored actors. It needs the very best minds in the world to probe for weaknesses and vulnerabilities across the entire attack surface. The fact of the matter is that the private sector has more funds to hire top security talent than the public sector. Bugcrowd provides a platform that democratizes this elite talent, giving federal teams access to expert security researchers with unique perspectives, capabilities, and expertise via a pay-for-results model.”
How does Bugcrowd’s FedRAMP authorization impact organizations in the private sector?
“The efforts made for FedRAMP authorization also benefit those in the private sector, especially organizations in highly-regulated industries.
The first way is through trust assurance. FedRAMP authorization sets a standard for security requirements—both technical and operational. It’s the highest level of validation, giving security teams the assurance that Bugcrowd has passed the most stringent level of audit. FedRAMP is a true stamp of approval from the U.S. government so teams can rest assured that they are partnering with an organization that takes security seriously.
The second major benefit to the private sector is that this authorization process has unlocked strong controls for customers with data sovereignty concerns or mandates to isolate their data in specific regions of the world. Whether you’re an organization that has decided to adopt federal standards, one that is handling sensitive data, or one that needs to operate under regulations like GDPR, customers can work with us to deploy a secured platform anywhere in the world.”
The FedRAMP Moderate-authorized Bugcrowd Platform on the FedRAMP Marketplace enables federal agencies to deploy offensive security testing for mission-critical systems.
Want to have a Q&A of your own with our VP of Public Sector, Kent? Fill out this form and we’ll reach out. Discover how Bugcrowd matches federal agencies with trusted security researchers to find critical vulnerabilities before attackers do.