
Thoughts on our Third Annual State of Bug Bounty Report


Since I started Bugcrowd, the one constant has been continual amazement at the pace of growth of the crowdsourced security movement we initiated back in 2012.

We started publishing our annual ‘State of Bug Bounty Report’ three years ago as both a vehicle for transparency and a barometer for this growth. I’m very pleased with the results I see in this year’s report, and proud of the work my team has put into making those results both insightful and valuable for readers — hackers and CISOs alike.

When we had the idea to release this annual report three years ago we could only imagine how much growth we’d see in such a short amount of time. All 600+ programs represented are delivered via the Crowdcontrol platform and fully managed by our specialist teams – so the year-over-year comparisons are truly reflective of the success of this model in the market, not just its adoption.

It’s no surprise that enterprise adoption grew threefold this year. As the model picks up steam, it’s attracted more of the traditionally risk-averse businesses that are feeling the impact of a growing attack surface and motivated adversaries. It’s why more organizations are turning to white-hat hackers: a community they’ve traditionally found difficult to trust, but with whom Bugcrowd enables successful interaction – time, after time, after time.

Although some of the largest Bay Area tech companies are happy Bugcrowd customers, breaking the crowdsourced security concept out of the technology-company sandbox and spreading it across traditional enterprise verticals like retail, finance, and automotive has been our goal since we started this business four years ago. This year’s State of Bug Bounty Report data shows that we were correct in that thesis, and have delivered what’s needed to the market to make that possible.

Our platform was designed from the ground up to service the time-strapped enterprise user, and our dedicated team of application security engineers have been here since day one, triaging submissions to eliminate the noise and provide results. We’re now closing in on 55,000 valid submissions processed and delivered through Crowdcontrol to companies of all shapes and sizes, including many of the largest players all the way across the technology adoption spectrum.

In the coming weeks, we’ll be taking a closer look at the findings in each section of the report. In the meantime, if you haven’t already, I recommend taking a look at the full report.


Casey Ellis

Executive Chairman, Founder and CTO of Bugcrowd.
