Learn how Outreach.io streamlines vulnerability data communication using Bugcrowd’s bi-directional Jira integration

Download Case Study

Opportunity

Outreach is a leading sales engagement platform, that automates and prioritizes customer touch points throughout the customer lifecycle, resulting in increased productivity for revenue teams. At Outreach, users’ security is paramount.

Outreach runs a private bug bounty program with Bugcrowd, as well as on-demand programs to ensure the company gets as much security vulnerability coverage as possible. To ensure those vulnerabilities get communicated to the right stakeholders at the right time with the right instructions, Outreach benefits from Bugcrowd’s bi-directional Jira integration.

Challenge:

  • Thousands of customers rely on Outreach.io to increase efficiency and effectiveness of reps, drive collaboration between sales, marketing, and success, and deliver revenue lift.
  • Since Outreach has different teams owning different features of the platform, the company needed a way to filter each incoming vulnerability report coming in from Bugcrowd to the specific team owning the code.

Solution with Bugcrowd:

  • The company runs a successful, continuous private bug bounty program with Bugcrowd, as well as on-demand programs when there is a big new feature release upcoming.
  • Outreach utilizes Bugcrowd’s bi-directional Jira integration for multiple projects to get the right information to the right developer group, so they can focus on what is important to them and take action fast.

Program Results

  • Outreach.io has been able to maintain strong engagement across targets. Early on in the program, the program received a P1. For Outreach, it was incredible to find that up front and be able to fix it quickly.
  • Additionally, Bugcrowd’s bidirectional Jira integration lowered developer overheard for Outreach, expediting time to remediation and secure code production.  
It’s huge to be able to directly push vulnerabilities into our Jira queue. We don’t have to treat it any differently, depending on what part of our application is affected, a ticket is created and tasked to the team responsible for building it.
Martin Rues CISO Outreach

Program Facts

Industry
Internet
Use Case
Better vulnerability data communication across teams
Program Type
Private Bug Bounty

Empower Your Security Team With a Crowd of White Hat Hackers to Find and Fix Vulnerabilities in Your Code Before the Bad Guys Do.