Bugcrowd bug bounty programs launched by security vendors have tripled over the past two years and represent the fifth largest industry on the Bugcrowd platform.

Today we released a recent industry report that explores why that is–from the unique challenges these organizations face to the value that bug bounties provide.

As the threat landscape continues to evolve rapidly, and sophisticated, targeted attacks continue to emerge, organizations have turned to security companies for innovative solutions that protect against these growing threats. To help their customers keep up with modern threats, security vendors themselves have become a target.

Security companies help their customers solve complex security problems, but like many of their customers, face the same product security challenges. Highly skilled, technical cybersecurity resources are in high demand, which makes it difficult to build experienced internal testing teams to find and validate vulnerabilities.

That’s why more and more security companies are turning to bug bounty programs.  

Read this report to learn more about how different security companies are utilizing the bug bounty model–private or public, continuous or on-demand. You’ll hear from OneLogin, Sophos, and Barracuda who run different variations of bug bounty programs and have seen immense value through working with the bug bounty community.

We welcome your feedback at hello@bugcrowd.com.