SEEK is Australia’s number one employment marketplace, bringing together a strong portfolio of online employment, educational, commercial and volunteer businesses.
With an expanding attack surface and highly motivated adversaries, SEEK recognized it needed to create a consolidated channel for vulnerability reporting and improve internal and external security testing practices.
To achieve this, SEEK tapped Bugcrowd’s platform and community of white hat hackers, launching its crowdsourced security program in 2016.
- Over the years, the team had incorporated varying technology stacks and “backend” systems for managing different parts of the business.
- Combine that with the highly sensitive user data shared on SEEK, and you have your hands full.
Solution with Bugcrowd:
- SEEK started working with Bugcrowd in June 2016. To get the business comfortable with running a bug bounty against the production systems, SEEK started with a small, limited scope.
- After running a wider scope private program for a few years, SEEK took the program public in 2019.
- Bugcrowd has enabled SEEK to identify “patterns” of vulnerabilities that no one else had identified. Identifying these patterns has allowed SEEK to establish secure defaults.
- SEEK’s crowdsourced security testing coverage is wider than its other testing processes, so it was able to get valuable findings from the older, less top-of-mind systems.
- SEEK also increased awareness of its security maturity among its users.