Customer Case Study

Motorola


Learn how Motorola Mobility reduces risk with Bugcrowd’s Private Bug Bounty and VDP.

Motorola Mobility is one of the world’s largest consumer electronics and telecommunications companies. It has a robust security program across many departments and applications.

After recognizing the need for a channel to connect with the security researcher community to find critical vulnerabilities quicker and more efficiently, the company launched its first crowdsourced security program with Bugcrowd in 2015.

Challenge:

  • Motorola was running an internal, self-run bug bounty program, but it was a painful process.
  • The small security team had to do all the vulnerability triage and validation, coordinate and communicate with thousands of security researchers around the world.
  • While Motorola believed in the power of crowdsourcing security vulnerability findings, trying to do it internally with no structure around it become a drain on resources.

Solution with Bugcrowd:

  • Motorola launched a private bug bounty program with Bugcrowd in March 2015 to engage with the Elite Crowd.
  • After the success of its private bug bounty program, Motorola needed to open a channel to showcase security maturity and communicate the wider researcher community.
  • Motorola then launched a vulnerability disclosure program in March 2018 to expand security coverage.

Program Results

  • Motorola Mobility was able to incorporate the Crowdcontrol platform into an ongoing and holistic security program using the most innovative technology available.
  • It was able to automate a managed process from discovery, validation, reproduction, review/triage, submitter payment, ticket creation and on to a final successful outcome.
  • The Elite Crowd and a public vulnerability disclosure program provide Motorola with maximum security coverage.