Code.org Adds a Layer of Always-on Security Testing with Bugcrowd


Code.org is a nonprofit dedicated to expanding access to computer science in schools and increasing participation by women and underrepresented minorities.

Like many other education platforms, Code.org maintains compliance with several international, US federal, and state laws for data security and privacy, including GDPR, FERPA, COPPA, PPRA, SOPIPA, and HB 5469, amongst others. That’s why their Software Development Cycle includes an embedded security review process for every proposed platform change, automated testing to ensure that assertions about the security of the platform do not lapse or regress when new features are shipped, and, as of last year, a continuous security testing program with Bugcrowd.

Challenge:

  • Code.org utilized other external security programs to supplement robust internal security solutions, but they were found to be costly and lacked sufficient return on investment.

Solution with Bugcrowd:

  • A private, fully managed Bug Bounty Program for an ‘always-on’ approach to protecting student and educator information

Program Results

  • Consistent program engagement for more quality vulnerabilities
  • Risk reduction, resource efficiency, and workflow integration that helps reduce friction between Security and Development lifecycles

We have used other security programs in the past to supplement our internal security audits but these were costly and happened one to two times per year at best. With Bugcrowd, we’ve added an always-on approach to security.
Anthony Suarez, Chief Technology Officer, Code.org

Program Facts

  • Industry: Non-Profit
  • Use Case: “Always-on” Approach to Protecting Student and Educator Information
  • Program Type: Private Bug Bounty

Empower your security team with a Crowd of white hat hackers to find vulnerabilities in your code before the bad guys do.