Replacing Traditional Penetration Testing with an On-Demand Bug Bounty Program
Instructure, from its inception, has proactively published the results of its annual security survey to add full transparency to its security posture.
Initially the survey was based on traditional penetration testing results, but the team quickly realized this approach offered limited value and was not a comprehensive method to identifying critical vulnerabilities.
In 2014 Instructure turned to Bugcrowd to provide a more leading-edge and thorough crowdsourced based assessment.
Instructure’s traditional penetration testing approach offered limited value and was not a comprehensive method to identifying critical vulnerabilities.
Solution with Bugcrowd:
Working with Bugcrowd has moved Instructure beyond just the checkbox pen tests, to the results delivered by a cadre of human researchers with vast experience, knowledge and purpose.
New collaboration between Instructure’s vulnerability detection group and the remediation process engineering team has expedited faster vulnerability resolution.
Instructure has seen 5X growth in vulnerability findings over traditional security testing. The team is investing in additional Bugcrowd programs to expand the footprint of their security program. Read the full case study below to learn more about Instructure’s bug bounty program.