[Guest Post] Mailgun Takes Its Bug Bounty Program Public

By: David Dobbins, Director of Engineering at Mailgun.

Here at Mailgun, we’re in the business of providing developers and businesses a platform that allows them to send email how they see fit for their brand. When you’re handling massive quantities of email for major brands day in and day out, security is your first priority. Not only that, but it has to be good security; anything less than the best leaves you open to compromises. Nobody wants to deal with a security breach, especially when you’re protecting not just your own information but your customers’ information as well. Mailgun wanted a way to find bugs without taking up loads of time internally, which is how we ended up with Bugcrowd.

Mailgun has been aware of crowdsourced testing for a while now, and when it came down to it, we wanted to work with a company that could give us the quality we were looking for in a report. Bugcrowd was able to deliver well past our expectations.

Compared to an external pen test, Bugcrowd’s submissions are more comprehensive, thorough, and easily reproduced. The steps to reproduce an issue are right there in the report, so it makes our turnaround time for fixes that much faster and easier to prioritize.

Plus, it takes the pressure off of our in-house team to find issues. Sometimes you’re too close to the software to see the bigger picture. Getting fresh eyes to look at our products from another perspective helps find the exploits (vulnerabilities) we couldn’t see.

We’re really excited to announce our public partnership with Bugcrowd. Bugcrowd has an incredible team of researchers with impressive knowledge of software vulnerabilities. They can explore any public-facing area of your application and find the holes you don’t see. Except they don’t exploit you — they tell you about it so you can make your service better and safer.

It’s been an amazing partnership so far, and now it’s time to go public. We want you to help find the weak links in our protocols, and we’d love to give you some cash for helping us out. Our rewards are priced from $100-1,500 and you can learn more about the program on our program page: https://bugcrowd.com/mailgun
