Motorola Mobility is one of the world’s largest consumer electronics and telecommunications companies. It has a robust security program across many departments and applications.
After recognizing the need for a channel to connect with the security researcher community to find critical vulnerabilities more quickly and efficiently, the company launched its first crowdsourced security program with Bugcrowd in 2015.
- Motorola was running an internal, self-run bug bounty program, but it was a painful process.
- The small security team had to do all the vulnerability triage and validation, and coordinate and communicate with thousands of security researchers around the world.
- While Motorola believed in the power of crowdsourcing security vulnerability findings, trying to do it internally with no structure around it became a drain on resources.
Solution with Bugcrowd:
- Motorola launched a private bug bounty program with Bugcrowd in March 2015 to engage with the Elite Crowd.
- After the success of its private bug bounty program, Motorola needed to open a channel to showcase security maturity and communicate with the wider researcher community.
- Motorola then launched a vulnerability disclosure program in March 2018 to expand security coverage.
- Motorola Mobility was able to incorporate the Crowdcontrol platform into an ongoing and holistic security program using the most innovative technology available.
- It was able to automate a managed process from discovery, validation, reproduction, review/triage, submitter payment, ticket creation and on to a final successful outcome.
- The Elite Crowd and a public vulnerability disclosure program provide Motorola with maximum security coverage.