Surfacing high-value, critical vulnerabilities is the #1 attractor for organizations considering crowdsourced security, according to the 2019 Bugcrowd CISO survey. However, the most frequently cited barrier to doing more with those findings is the lack of integration between application security tools and application development tools. In other words, finding the stuff that’s broken is all well and good, but then what? How do organizations ensure priority issues are addressed in a consistent and reliable fashion when much of that responsibility falls outside the bounds of the Security remit?
If Security is everyone’s problem, then the solution should belong to everyone as well.
Bugcrowd’s Crowdcontrol platform revolves around a uniquely extensible architecture that flexes as customer needs evolve. Because these needs increasingly involve a connection with other business processes throughout the organization, as evidenced by the aforementioned CISO survey, we have proactively integrated with a number of project management, ticketing, messaging, and workflow tools to drive efficiencies in the exchanges between Security, Risk, and Development teams. Additionally, many of these solutions are now self-serve on the Crowdcontrol platform: set up and manage them how you like, when you like.
One such integration is GitHub for Crowdcontrol. GitHub is a developer-focused collaboration tool that allows teams to host and collaborate on code. Bugcrowd integrates with GitHub Issues, its ticket-tracking component. This integration allows customers to push vulnerabilities that have been submitted and validated in Crowdcontrol to one or more GitHub repositories as needed, and it persists the mapping of the GitHub issues within Crowdcontrol so that each submission is linked across both platforms. Streamlining this process reduces room for human error, gives security resources back the time they need to solve tougher problems, and helps close the gap between security and development.
Rapid and reliable handoff between Security and Development is crucial for consistent vulnerability patching. Bugcrowd’s GitHub integration makes it easier to create and contextualize every request, reducing Security overhead and helping Dev fix faster.