Learn how Motorola Mobility reduces risk with Bugcrowd’s Private Bug Bounty and VDP

Download Case Study

Opportunity

Motorola Mobility is one of the world’s largest consumer electronics and telecommunications companies. It has a robust security program across many departments and applications.

After recognizing the need for a channel to connect with the security researcher community to find critical vulnerabilities quicker and more efficiently, the company launched its first crowdsourced security program with Bugcrowd in 2015.

Challenge:

  • Motorola was running an internal, self-run bug bounty program, but it was a painful process.
  • The small security team had to do all the vulnerability triage and validation, coordinate and communicate with thousands of security researchers around the world.
  • While Motorola believed in the power of crowdsourcing security vulnerability findings, trying to do it internally with no structure around it become a drain on resources.

Solution with Bugcrowd:

  • Motorola launched a private bug bounty program with Bugcrowd in March 2015 to engage with the Elite Crowd.
  • After the success of its private bug bounty program, Motorola needed to open a channel to showcase security maturity and communicate the wider researcher community.
  • Motorola then launched a vulnerability disclosure program in March 2018 to expand security coverage.

Program Results

  • Motorola Mobility was able to incorporate the Crowdcontrol platform into an ongoing and holistic security program using the most innovative technology available.
  • It was able to automate a managed process from discovery, validation, reproduction, review/triage, submitter payment, ticket creation and on to a final successful outcome.
  • The Elite Crowd and a public vulnerability disclosure program provide Motorola with maximum security coverage.
What is amazing about Bugcrowd — With all the security technology and process that we have in place at Motorola we always find bugs when product goes live. Bugcrowd has saved us close to $60 million, simply because we’ve avoided major data breaches in the eyes of our customers.
Richard Rushing CISO of Motorola Mobility

Program Facts

Industry
Consumer Electronics
Use Case
Better application security
Program Type
Vulnerability Disclosure & Private Bug bounty

Empower Your Security Team With a Crowd of White Hat Hackers to Find and Fix Vulnerabilities in Your Code Before the Bad Guys Do.