How a Fully Managed Bug Bounty Program Keeps InVision Secure


Opportunity

InVision, the award-winning product design collaboration platform, prioritizes product security with a robust approach to vulnerability management. To stay ahead of malicious attackers, InVision has implemented a suite of industry-leading security tools and practices such as web application firewalls, regular vulnerability scans, third-party penetration tests and more.

Challenge

  • With an expanding attack surface and so many channels for vulnerability detection,
    simply maintaining continuous vulnerability assessment while juggling every other
    security function had become a real challenge.
  • InVision recognized that even with the multitude of application security tools and services
    available, small and large companies alike were being compromised. Clearly, companies
    are at an unfair disadvantage when it comes to keeping up with their adversaries.

Solution with Bugcrowd:

InVision initially launched a self-managed bug bounty program to meet those challenges but quickly became overwhelmed with managing the volume of submissions, from communicating with researchers and replicating vulnerabilities to coordinating development time and effort to deploy solutions.

Program Results:

Bugcrowd’s fully managed solutions offered them an opportunity to offload much of that work and focus on more sensitive areas within their application security organization.

Read the full case study below to learn more about InVision’s public bug bounty program.

"Switching to a managed program with Bugcrowd reduced our required time and effort by at least 80%, allowing us to not only focus on what matters the most, implementing the remediations, but also freeing up our security team to focus on other components of our security program."
Johnathan Hunt, Vice President, Information Security

Program Facts

Industry: Technology
Program Type: Public Bug Bounty
