Find Out How Bugcrowd Helps Redox Secure Its Distributed Systems & Patient Data

Download Case Study

Redox is a leading full-service integration platform, accelerating the development and distribution of healthcare software solutions to securely and efficiently exchange data.

Redox needed a solution to ensure the sensitive patient data flowing through its platform was protected and the company’s security practices comply with both government regulations and customer requirements.

Redox launched a private Bug Bounty with Bugcrowd, with the goal to take the program public within the same year. The company did just that — publically incentivizing the hacker, pentester, and security researcher community to contribute highly critical vulnerability submissions to its crowdsourced security program.


  • In Healthcare, PHI (Personal Health Information) security is critically important, not just from a confidentially standpoint, but from an integrity standpoint.
  • As healthcare continues to move into the digital age, effective cybersecurity measures are crucial for operational resiliency.
  • Knowing the expanding attack surface and active adversaries, Redox was not content with the status quo, taking it one step further with crowdsourced security.

Solution with Bugcrowd:

  • Redox launched its private bug bounty with Bugcrowd in July 2018.
  • This approach proved very successful and allowed the company to increase the scope of the program over time.
  • After running a wider scope private program for a few months, Redox took the program public in 2019.

Program Results

  • Bug bounties more accurately reflect what real attackers are doing in terms of time and effort.
  • Continuous testing in a safe way, ensuring Redox is not putting customer data at risk.
  • Redox can exercise process for handling vulnerabilities more regularly which helps ensure it is a well-oiled machine, rather than dealing with issues after every pen test.


The advantage of having crowdsourced security as part of our program is the continuous testing. Security researchers can actually spend time testing to find critical flaws, rather than being time bound in a traditional pen test. Bug bounties more accurately reflect what real attackers are doing in terms of time and effort.
Ben Waugh Chief Security Officer

Program Facts

Use Case
Better Security for Patient Data
Program Type
Private to Public Managed Bug Bounty

Empower your security team with a Crowd of white hat hackers to find vulnerabilities in your code before the bad guys do.