A few months ago we celebrated the launch of Okta’s public bug bounty program after having run a private program for years. Today, we’re taking a closer look at how their bug bounty program has influenced their application security program.
Customer security and assurance is a key company value at Okta. They have consistently striven to meet the most rigorous security standards, and part of that commitment is a strong vulnerability discovery program. Bugcrowd is another powerful tool in their toolbelt that helps them do that. Read the case study to learn more about the ROI of their bug bounty program.

As they continually demonstrate to customers how they keep customer data safe and secure, their bug bounty program has further enhanced the security of the Okta Identity Cloud. Their public program today offers rewards up to $15,000. View their bounty brief here.

 

Program results and learnings

Through continuous testing in earlier phases of design and development, their program gets as close to end-to-end security testing as possible. Furthermore, although bounty payouts vary with criticality and over time, Okta’s bug bounty program has actually ended up being more cost-effective than other testing methods.

 

This efficiency and effectiveness make their program key to their SDL and vulnerability management programs, supporting better utilization of internal resources and improved overall security ROI.