Code.org is a nonprofit dedicated to expanding access to computer science in schools and increasing participation by women and underrepresented minorities.
Like many other education platforms, Code.org maintains compliance with several international, US federal, and state laws for data security and privacy, including GDPR, FERPA, COPPA, PPRA, SOPIPA, and HB 5469, amongst others. That’s why their Software Development Cycle includes an embedded security review process for every proposed platform change, automated testing to ensure that assertions about the security of the platform do not lapse or regress when new features are shipped, and, as of last year, a continuous security testing program with Bugcrowd.
- Code.org utilized other external security programs to supplement robust internal security solutions, but these were found to be costly and to lack sufficient return on investment.
Solution with Bugcrowd:
- A private, fully managed Bug Bounty Program for an ‘always-on’ approach to protecting student and educator information
- Consistent program engagement for more quality vulnerabilities
- Risk reduction, resource efficiency, and workflow integration that helps reduce friction between Security and Development lifecycles