BUGCROWD REPLACES TRADITIONAL PEN TEST FOR INSTRUCTURE’S SECURITY AUDIT

Opportunity

Instructure, from its inception, has proactively published the results of its annual security survey to add full transparency to its security posture.

Initially the survey was based on traditional penetration testing results, but the team quickly realized this approach offered limited value and was not a comprehensive method to identifying critical vulnerabilities.

In 2014 Instructure turned to Bugcrowd to provide a more leading-edge and thorough crowdsourced based assessment.

Challenge:

Instructure’s traditional penetration testing approach offered limited value and was not a comprehensive method to identifying critical vulnerabilities.

Solution with Bugcrowd:

Working with Bugcrowd has moved Instructure beyond just the checkbox pen tests, to the results delivered by a cadre of human researchers with vast experience, knowledge and purpose.
New collaboration between Instructure’s vulnerability detection group and the remediation process engineering team has expedited faster vulnerability resolution.

Program Results:

Instructure has seen 5X growth in vulnerability findings over traditional security testing. The team is investing in additional Bugcrowd programs to expand the footprint of their security program. Read the full case study below to learn more about Instructure’s bug bounty program.

The cybersecurity landscape is an ever evolving one, so we knew we had to do something different, something innovative with this year’s audit, and that is what Bugcrowd offered us. We’ve continued with the Bugcrowd program because it consistently delivers quantifiable results and practical reports, tools that we then can use to internally remediate issues before they become customer problems. We now know what to tackle first.

Q. Wade Billings VP, Technology Services