
How Okta’s Bug Bounty Program Augments Internal Testing and Delivers Incredible ROI

“Efficiency and effectiveness of the crowd is really why we bring them on… Because we have the crowd involved in the vulnerability management program, it’s helped in expanding of our team for a fraction of the cost. Now my internal resources are better utilized.”

- David Baker, CSO, Okta

Bug Bounty Program



  • Challenges

    Finding efficient solutions to augment internal security testing.

  • Outcomes

    Okta’s bug bounty program has been a cost-effective and efficient component of their SDL and vulnerability management program, allowing their internal security team to scale and optimize resources.

Augmenting Okta’s Internal Team with the Crowd

From the beginning, Okta, a leading provider of identity for the enterprise, has built strong offensive and defensive security functionality. They have maintained the highest standards of security testing both internally and externally, and now the crowd is part of those efforts.

In early 2015, Okta’s security team, led by CSO David Baker, turned to the crowd by launching a private bug bounty program with Bugcrowd, which worked closely with their team to invite the top researchers to test their applications. With the help of Bugcrowd’s powerful triage and management support, Okta receives only high-value, ready-to-fix vulnerabilities, making the program a key component of their vulnerability management program and SDL.

How the Crowd Maximizes Security ROI

Through continuous testing in earlier phases of design and development, their program gets as close to end-to-end security testing as possible. The volume of testing resources has delivered incredible throughput, as depicted below in monthly testing volume from the crowd during their initial private program.

Furthermore, although bounty payouts vary with criticality and over time, Okta’s bug bounty program has ended up being more cost-effective than other testing methods. This efficiency and effectiveness make their program key to their SDL and vulnerability management programs, supporting better utilization of internal resources and improved overall security ROI.

At Okta, we’re squarely focused on customer success. For my security team, that translates directly to customer security and assurance. Our private bug bounty program with Bugcrowd expanded coverage of my internal attack team by adding a solid bench of diversity and breadth of capabilities.

David Baker, Chief Security Officer

Private to Public

After an extended private bug bounty program with Bugcrowd, Okta opted to launch a public bug bounty program to leverage the full scope of Bugcrowd’s tens of thousands of cybersecurity researchers.

The program will augment Okta’s industry-leading security team and strategy to further enhance the security of the Okta Identity Cloud by working closely with the researcher community.
