Moneytree is a personal finance management app based in Japan. They have been a Bugcrowd customer for nine years, specifically leveraging Penetration Testing as a Service (PTaaS) and Managed Bug Bounty engagements. 

“Moneytree has partnered with Bugcrowd for penetration testing and bug bounty management for almost a decade. In the highly regulated finance industry, this is a very effective way of ensuring real security,” said Sergio Arcos, Director of Engineering, IT, and Security at Moneytree.

We sat down with Sergio to learn more about Moneytree’s offensive security strategy. 

Q&A with Moneytree

Tell us a little bit about Moneytree

Moneytree is a personal finance management app that uses data aggregation to radically simplify users’ relationship with money. They also offer services for small and medium-sized businesses and larger corporations. As the industry’s leading financial data platform, they have facilitated over 7.5 billion secure transactions, with over 130 companies adopting Moneytree. The service currently supports Japanese financial institutions and provides a Japanese & English language interface. 

What inspired you to launch offensive security testing with Bugcrowd?

We recognized that the Bugcrowd model provided more qualified pentesters and researchers to test our platform. We have high security standards on our code, so we were comfortable rewarding security researchers for their vulnerability submissions. 

What results have you experienced with your Bugcrowd programs?

Together with Bugcrowd, we’ve built a very robust program, from the moment that pentesters were able to organize the information in a structured way to the integration we have with Jira. We take pride in the success we’ve had, as well as in the way we’ve fostered a respectful ecosystem for security researchers by offering competitive rewards that recognize their expertise. 

Why did you choose Bugcrowd over other offensive security testing providers?

The Bugcrowd Platform and triage team allow us to filter submissions and remove duplicate vulnerability submissions or ones that were out of scope. This has been great for our development team, so they aren’t constantly distracted by trialing potential vulnerabilities. We also appreciate the ability to generate customizable pentest reports on an ad hoc basis. In general, the market is evolving rapidly with AI, and we are confident in how Bugcrowd is evolving, from their latest Platform improvements.

What has been your overall experience partnering with Bugcrowd?

When we first started, the offensive security landscape was quite different, as crowdsourced security was still in its early stages. As one of Bugcrowd’s first customers in Japan, we’ve found that Bugcrowd has consistently demonstrated exceptional reliability and excellence throughout our partnership. We’ve experienced excellent customer service. We’ve even had the opportunity to meet with one of Bugcrowd’s leadership team, provide feedback on new feature requests, and participate in various events locally with Bugcrowd’s team. 

Learn more about Moneytree and Bugcrowd

If you’re a security researcher who is interested in participating in Moneytree’s program, check out the engagement page. For other financial services organizations who are interested in working with Bugcrowd for offensive security testing, reach out and talk to one of our experts.