Kenna Security is a leader in vulnerability management, serving many Fortune 100 companies and nearly every major vertical. Being a top vulnerability management platform, the security of its own platform is top of mind to protect threat intelligence and customer’s data. Kenna Security employs a slew of cybersecurity tools and services to ensure protection, including a bug bounty program. Kenna Security turned to Bugcrowd to manage the bug bounty program all the way through remediation.
Challenge:
- For a number of years, Kenna ran its own bug bounty program. While very successful, their security team was finding it difficult to manage the sheer number and varying quality of incoming reports.
- Kenna did not have the breadth, nor the reach needed to get the number or quality of testers they needed for a successful program.
Solution with Bugcrowd:
- The company launched its first managed bug bounty program with Bugcrowd in early 2014.
- Kenna Security integrates Bugcrowd into its overall software development lifecycle, from beginning to end.
- Kenna Security’s bug bounty program adheres to the VRT.
Program Results
- When Kenna moved its bug bounty program over to Bugcrowd, they saw an immediate improvement in submission “noise,” which ultimately optimized internal team resources and security spend.
- Over the course of its latest program, they have been able to maintain strong engagement across targets.
- Based on a Kenna Security’s security maturity and business priorities, Bugcrowd has helped Kenna’s security team map out a bounty reward range best aligned to the business needs.
