In a world where threats are unpredictable and organizations are constantly under siege–and where no amount of automation can replicate the attacker mindset or human ingenuity at scale–Bugcrowd gives customers a proactive, first line of defense against being blindsided by cyber attacks. To do that, the Bugcrowd Security Knowledge Platform uniquely orchestrates data, technology, and human intelligence, including the power of the global ethical hacker/security researcher community (the Crowd), to find hidden vulnerabilities before attackers do and then help remediate faster.
We’ve proven to customers like Atlassian, Netflix, and Twilio that only a platform-driven, solution-oriented approach to crowdsourced Penetration Testing as a Service, Attack Surface Management, and other workflows ensures long-term customer success. That said, our work is never done to make the platform more powerful, more efficient, and easier to adopt and use by customers at any scale, as well as to help researchers work on more interesting challenges and earn more rewards. Today, we’re announcing platform enhancements that are milestones on that journey, especially in the area of penetration testing.
Faster, More Agile Penetration Testing as a Service
Although modern approaches to penetration testing (including crowdsourcing) are well on their way to widespread adoption, many customers are still dissatisfied with pen test time-to-launch, speed, agility, and results. One key reason is that testing is nontransparent: Once it starts, customers have no visibility into how well the testing is progressing, which steps in the testing methodology have been covered, what findings are being discovered, and whether the test will deliver actionable results on time. Instead, a final report is dropped in their proverbial laps, and there’s no recourse if the findings are late (delaying remediation) or aren’t what were expected.
Instead, Bugcrowd is committed to providing the fastest, most agile, and most transparent penetration testing as-a-service (PTaaS) available. In our PTaaS solution on the Bugcrowd Security Knowledge Platform, we already provide real-time visibility into findings from pen testers as they are discovered, triaged, validated, and prioritized by our world-class Validation and Triage services for highest fidelity results. Today, we’re announcing a rich, new dashboard with customer visibility into the progress of methodology-based pen tests, as well–completing a 360-degree, real-time view for pen testers, customers, and Bugcrowd Security Engineers–as well as even more precise crowd matching results from the Bugcrowd Platform’s CrowdMatchTM ML technology.
Previously, we described how our platform’s CrowdMatch ML recommendation engine delivers excellent results for customers by auto-matching trusted, qualified, motivated researchers to their precise needs and environment across hundreds of dimensions. Now, thanks to the richest security knowledge graph in the industry built over a decade of building 1000s of customer solutions, we’ve further improved the machine learning model that powers CrowdMatch.
We estimate this new model will lead to at least a 60% increase in valid submissions from matched and activated pen testers/researchers, which we know from experience will directly translate into better overall results and ROI for customers. Furthermore, for ethical hackers and researchers, this improved matching performance provides more opportunities to work on challenging, impactful problems and earn more rewards.
With these new enhancements, Bugcrowd’s PTaaS solution now ensures that:
- Trusted, motivated pen testers can be precisely, dynamically matched to the customer’s needs by CrowdMatch to deliver better results, with tests launching per your requirements in 72 hours or less.
- All pen testers can stay on track and know exactly what’s expected as they complete their methodology checklist.
- Bugcrowd Security Engineers can deliver a great customer experience by rapidly validating and triaging issues for most actionable results, and then adding contextual remediation advice, as they’re discovered.
- Testing can stay on track because customers always know exactly how well the test is progressing, rather than having zero visibility or chance to course-correct until the final report is delivered. Customers get rapid access to the final report through their dashboard, as well.
This new dashboard with 360-degree visibility into methodology-based pen tests will be enabled for all customers on the Bugcrowd Security Knowledge Platform in the next month or two, giving them even faster, better results than before.
To explore the business impact of Bugcrowd PTaaS, download this IDC research which documents nearly a 500% ROI for customers over three years.
Enhanced Payment Notifications
Furthermore, the Bugcrowd Platform already offers best-in-class payments infrastructure to support flexible researcher payments and incentives for differing use cases. That now includes more granular notifications for payments-related events, such as when the bounty pool reaches a certain threshold or pool funds are moved across programs.
Follow the Roadmap
The Bugcrowd Platform is growing and getting more productive and useful all the time. Stay tuned for news about more milestones as we reach them!