Redox is a leading full-service integration platform, accelerating the development and distribution of healthcare software solutions to securely and efficiently exchange data.

Redox needed a solution to ensure the sensitive patient data flowing through its platform was protected and the company’s security practices comply with both government regulations and customer requirements.

Redox launched a private Bug Bounty with Bugcrowd, with the goal to take the program public within the same year. The company did just that — publically incentivizing the hacker, pentester, and security researcher community to contribute highly critical vulnerability submissions to its crowdsourced security program.

Challenge:

• In Healthcare, PHI (Personal Health Information) security is critically important, not just from a confidentially standpoint, but from an integrity standpoint.
• As healthcare continues to move into the digital age, effective cybersecurity measures are crucial for operational resiliency.
• Knowing the expanding attack surface and active adversaries, Redox was not content with the status quo, taking it one step further with crowdsourced security.

Solution with Bugcrowd:

• Redox launched its private bug bounty with Bugcrowd in July 2018.
• This approach proved very successful and allowed the company to increase the scope of the program over time.
• After running a wider scope private program for a few months, Redox took the program public in 2019.

Program Results

• Bug bounties more accurately reflect what real attackers are doing in terms of time and effort.
• Continuous testing in a safe way, ensuring Redox is not putting customer data at risk.
• Redox can exercise process for handling vulnerabilities more regularly which helps ensure it is a well-oiled machine, rather than dealing with issues after every pen test.