According to analyst firm Enterprise Strategy Group, 74% of cybersecurity professionals say their organization has been impacted by the global cybersecurity skills shortage. Cybersecurity professionals today have a lot on their plate. With increasing pressures around new IT initiatives, data privacy, and combating the next big breach, it’s hard to keep up, and that includes dealing with the multitude of tools they use. The 2018 Annual Cybersecurity Report by Cisco shows that 41% of organizations are using technologies and services from as many as 50 different vendors. Cybersecurity professionals need as much help as they can get to manage tools, better prioritize tasks, and move quickly.
Both our customers and our researchers are among this group. They have limited time to spend with any security tool, and we understand that our platform is no different. That’s why we’ve made it easier than ever to optimize onboarding, request premium SLAs, automatically accept and pay out rewards, and prioritize your work queue, so you can get set up quickly and optimize your time in platform to find and fix vulnerabilities faster.
Get Set Up Faster with Self-Serve Onboarding
Many of our new customers have a clear vision for how, where, and when they’d like to employ Bugcrowd’s crowdsourced security solutions. In an effort to remove any barriers to program set-up, we’ve launched Bugcrowd Self-Serve – the only standardized self-service onboarding workflow in the market. This new onboarding workflow enables easy program setup based on best practices identified through thousands of Bugcrowd managed programs.
Through the user-friendly UI of our customer portal, you can sign up, define targets of interest, and select any additional researcher skills you believe are important, enabling easy and quick ramp-up for any new Vulnerability Disclosure or Bug Bounty On-Demand Program.
Our Solutions Architecture and Account Executive teams are notified once you complete the onboarding workflow, so that your program can be ready for launch.
Go Beyond Just Objectives with Premium SLAs
The criticality scale for a vulnerability submission ranges from Priority 1 (P1) to Priority 5 (P5), 1 being the most critical, 5 being the least critical. This scale provides researchers and companies a baseline for prioritization of a fix and potential reward amount. Our Vulnerability Rating Taxonomy rates the priority of vulnerabilities by type.
Bugcrowd proudly achieves an average first touch-time for P1 vulnerabilities of under one business day, and triage-time for that same category of under two business days. While this goes beyond the standard response time objective for most businesses, some customers require more immediate attention, no matter the day.
To accommodate this, Bugcrowd is thrilled to launch the industry’s first two premium SLA options, “Priority Triage” and “P1 24/7.” Priority Triage SLA provides customers with first touch-time of one business day across all vulnerabilities, and triage-times of one business day for P1s and two business days for all other severities. The P1 24/7 SLA provides customers P1 first touch-time and triage-time within 24 hours regardless of time or day, 24/7/365.
These two packages can be purchased independently or together as add-ons to any Bugcrowd program. As the industry’s only platform-enabled SLAs, our customers can receive rapid, prioritized response for all vulnerabilities regardless of severity or day, so they can focus on remediation.
Streamline SDLC workflow with Auto Accept/Pay
By popular request, Bugcrowd is enabling auto accept options for customers who want to ensure Bugcrowd-triaged vulnerabilities progress through the SDLC without delay. Similarly, auto-pay functionality enables researchers to get paid quickly for valid vulnerabilities, promoting goodwill and program loyalty.
By enabling auto-accept of Bugcrowd-validated vulnerabilities, customers agree to allow Bugcrowd to change vulnerabilities from “under-review” to “customer accepted” after a defined period of inactivity (best practice is seven days).
Programs with auto-accept enabled also have the option to enable auto-pay, which triggers requisite researcher payments. Enabling Bugcrowd to auto-accept and auto-pay ASE-validated vulnerabilities on your behalf will reduce the time you spend on program management, and optimize your time in platform.
Prioritize Which Bugs to Fix First with Work Queue
According to our customers, finding more critical vulnerabilities and improving internal efficiency are the top two benefits they see with Bugcrowd over traditional methods and competitive solutions. To further help our customers prioritize the increasing number of vulnerability submissions and improve efficiency, we’ve introduced our new Work Queue platform functionality.
Work Queue automatically organizes tasks due for completion according to priority and action type. This simplified work orchestration allows stakeholders to more quickly process valid vulnerabilities and pay out rewards to researchers at scale. Both standard and premium SLAs are now supported. If you have a P1 that’s been pending for a week, it moves directly to the top of your work queue. If you have a P5 that was reported seconds ago, it gets added to the queue, but moves to the bottom, relative to the other submissions. Get critical vulnerabilities accepted, triaged, paid out, and resolved faster.
Bugcrowd is changing the way organizations think of security at scale, with the only true SaaS solution for on-demand and continuous crowdsourced security testing.
Backed by an elastic crowd of over 100k trusted whitehat hackers, our award-winning platform provides intelligent skill matching, workflow standardization, and remediation advice to help companies like Tesla and MasterCard protect their critical assets at a fraction of the cost per vulnerability of other testing methods.
If you’re interested in learning more about these updates or working with Bugcrowd, set up a chat with a crowdsourced security expert today:
Request a Meeting: https://www.bugcrowd.com/about/contact/
We’ll also be at Black Hat (#960), BSides Las Vegas, and DEF CON all week. Stop by any of our tables to learn more!