Personal Capital is a leading hybrid digital wealth management company with more than $9 billion in assets under management, 20,000 investment clients in all 50 states, and more than 2 million using its free financial planning tools.
As a customer-centric wealth management company, Personal Capital understood it was a legitimate target for cyber attacks, and needed to have best-in-class security to protect its users and clients’ money and data.
Personal Capital turned to Bugcrowd to manage its vulnerability disclosure and bug bounty programs.
- Financial services firms fall victim to cybersecurity attacks 300 times more frequently than businesses in other industries.
- Professional services would return a significant number of findings that were false positives and not reproducible.
- They’d run a scan and send the results to engineering with little visibility on the quality of results or instructions on how to remediate.
- The team wasted hours trying to parse through bad data.
Solution with Bugcrowd:
- Personal Capital launched a managed vulnerability disclosure program with Bugcrowd.
- After seeing immediate success, Personal Capital evolved the program to include a private bug bounty with a goal of taking the program public.
- Personal Capital launched its public bug bounty program in June 2019.
- The continuous testing from the Crowd provides the Personal Capital team with valuable vulnerability findings at scale.
- Crowdcontrol helps Personal Capital manage their programs from start to finish.
- Personal Capital was able to successfully integrate crowdsourced security into an ongoing and holistic security program using the most innovative technology and creative thinking available.