Redox is a leading full-service integration platform, accelerating the development and distribution of healthcare software solutions to securely and efficiently exchange data.
Redox needed a solution to ensure that the sensitive patient data flowing through its platform was protected and that the company’s security practices complied with both government regulations and customer requirements.
Redox launched a private Bug Bounty with Bugcrowd, with the goal of taking the program public within the same year. The company did just that — publicly incentivizing the hacker, pentester, and security researcher community to contribute highly critical vulnerability submissions to its crowdsourced security program.
- In healthcare, PHI (Personal Health Information) security is critically important, not just from a confidentiality standpoint, but from an integrity standpoint.
- As healthcare continues to move into the digital age, effective cybersecurity measures are crucial for operational resiliency.
- Knowing the expanding attack surface and active adversaries, Redox was not content with the status quo, taking it one step further with crowdsourced security.
Solution with Bugcrowd:
- Redox launched its private bug bounty with Bugcrowd in July 2018.
- This approach proved very successful and allowed the company to increase the scope of the program over time.
- After running a wider scope private program for a few months, Redox took the program public in 2019.
- Bug bounties more accurately reflect what real attackers are doing in terms of time and effort.
- Continuous testing in a safe way, ensuring Redox is not putting customer data at risk.
- Redox can exercise its process for handling vulnerabilities more regularly, which helps ensure it is a well-oiled machine, rather than dealing with issues after every pen test.