DASH Hardens Cryptocurrency With Bugcrowd
Our traditional application security practice produces great results early in the lifecycle and deep in our services, but the breadth and depth of post-implementation assurance provided by the crowd really completes the secure development lifecycle. Multiplying the specialization of a single bounty hunter by the size of the crowd creates a capability that just can’t be replicated by individual organizations.
Bug Bounty Program
- The global security community is becoming more familiar with the bug bounty model and more creative in finding flaws.
- New types of systems are emerging, presenting additional opportunity for even more security concerns.
- Even with a fully dedicated security team, Atlassian needed more help in building more secure products rather than triaging and validating incoming vulnerability findings.
- Implementing a Bugcrowd fully managed bug bounty program helped Atlassian uncover vulnerabilities faster than ever, freeing up their security team to allocate more time to finding anti-patterns and implementing broad mitigations.
- By demonstrating their security posture, Atlassian is not only instilling confidence in the security of their products, they’re upholding one of the company’s core values: Openness.
Security at Dash
Dash is a leading e-commerce and payments-focused digital currency, and the fast-growing alternative to bitcoin. With over 1000% year-on-year growth in both value and trading volume since 2015, Dash has been consistently ranked in the top ten digital currencies by market capitalization and one of only a few offering safe, decentralized financial solutions to real world problems.
As cryptocurrencies become more mainstream, identifying and fixing security vulnerabilities is imperative. But demand for security professionals outweighs the supply. Working with Bugcrowd alleviates that pain point for Dash, harnessing the power of the Crowd to scale and secure its online payments. But that’s not the only value Dash derives from working with Bugcrowd.
Seizing the Opportunity
Meaningful amounts of cryptocurrency are an obvious target and a powerful incentive for thieves on a global scale. Dash understands that security is absolutely imperative to money markets, but it was limited in time and resources. It needed external feedback on code to ensure the security of the cryptocurrency it held.
Bug bounty programs attract fresh eyes to review code, ensuring white-hat hackers identify security flaws that your security and development team can’t. Dash launched a private bug bounty program in August 2017 with Bugcrowd, which tapped into a curated, invite-only crowd to find vulnerabilities in the company’s platform. Dash took the program public after two weeks, inviting registered security experts around the world to detect issues on behalf of Dash, strengthening Dash’s overall security.
The program paid for itself when we received our first critical vulnerability submission. It was basically like hacking into a bank — the vulnerability enabled an attacker to bypass a very important security feature in our wallet application. It saved not only our end user’s personal and financial data, but it also saved us embarrassment.
Dash Relies on Bugcrowd for Program Management
Dash values Bugcrowd as a partner for many reasons. The one that stands out is the unique expertise and tool set that Bugcrowd makes available, which lets Dash’s security team focus on the company’s core business. Dash relies on Bugcrowd to incentivize thousands of security researchers to surface critical software vulnerabilities.
Regardless of size, organizations that attempt a self-managed program quickly find the process overwhelming and ineffective.
Defining scope, identifying program security owners, establishing a vulnerability management program, liaising with the security researcher community, and determining time-to-fix agreements within that program — all of these require time and resources both in the setup, and on an ongoing basis as the program evolves.
By choosing Bugcrowd to manage their bug bounty, Dash has taken the work out of running a bug bounty program, so all they see are valuable results. Bugcrowd blends its program management, security DNA and deep researcher relationships to ensure the success of their crowdsourced security program.
Bug Bounty Program Results
Dash Digital Cash deals with sophisticated and complex code, already well-tested and vetted by the internal team. This requires expertise in a very specific field of hacking, which several Bugcrowd researchers have and continue to refine over time.
Because of this complexity, over the course of one year, Bugcrowd researchers have identified 11 valid unique bugs in Dash digital cash applications. Bugcrowd’s triage and validation team filtered through 66 vulnerability submissions that were either out of scope, invalid, unreproducible, not applicable, or otherwise, saving Dash numerous hours of work.
Working with Bugcrowd brings Dash several different benefits. On top of vulnerabilities identified, reported, triaged and remediated, there is an additional PR benefit. With a public Bugcrowd bug bounty, Dash can showcase its commitment to security, giving Dash users the confidence of knowing that the application they are using is tested and safe.
Over the course of the Dash bug bounty program, the company has experienced ongoing success and has adopted the Bugcrowd platform as an essential — if not primary — part of its security strategy.
Dash strives for a safer, stronger network. The leadership team invests heavily in ensuring Dash meets the highest security and quality standards possible. Working with Bugcrowd and funding the best bug bounty program in cryptocurrency is an example of their commitment.