Cloudinary Turns to Crowdsourced Security with Bugcrowd


89% of organizations have prioritized a digital-first strategy this year, with 62% saying the ability to deliver excellent customer experience will dictate the success of this initiative. So it’s no surprise that securing the entire customer journey is a top priority for the world’s top companies. Cloudinary, a leading provider of media management solutions supporting many of the world’s biggest brands, is one such company.

Challenge:

  • With thousands of users and billions of assets relying on its platform, ensuring the highest levels of data security and protection is central to Cloudinary’s work. Since its inception, the company has worked to earn and maintain user trust year over year through code reviews, developer training, and continuous and dynamic application security best practices. Yet even with periodic penetration testing and continual use of CVE scanners, Cloudinary wasn’t seeing the volume of critical, actionable vulnerabilities it expected from its testing investments.

    Wanting to double down on data security audits and protections, Cloudinary sought a scalable solution that would enhance their existing security stack.

Solution with Bugcrowd:

  • With a firm commitment to ensuring the utmost data protection, Cloudinary decided to partner with Bugcrowd to design and launch its first crowdsourced security program. After identifying the needs of the organization and the scope of the program, the two teams determined that a bug bounty program was the ideal choice.

Program Results

  • Continuous Coverage: Ensured continuous, comprehensive testing coverage through 500+ submissions from nearly 360 researchers.
  • Fast Remediation: Quickly prioritized remediation for all valid submissions that were of high or critical severity.
  • Customer First: Increased customer loyalty by demonstrating continued commitment to application security in a way that is easily understood.

“We were using various forms of application security tests, but still saw an area for improvement. With Bugcrowd’s help, we were able to move quickly in an ever-threatening environment.”
Netanel Fisher, CISO at Cloudinary

Program Facts

  • Industry: Technology
  • Program Type: Managed Bug Bounty
