
Learn how TaxSlayer keeps taxpayers' data safe and secure with Bugcrowd.

“In the tax preparation software industry, we deal with highly sensitive data for a large number of individuals. You can pretty much learn anything you want to know about an individual from their tax return. And because of that, we need to make sure the data stays completely secure, which starts with making sure the applications we’re developing are secure as well.”

— Michael Blache, CISO, TaxSlayer
Products

Bug Bounty Programs

Industry

Financial Services

  • Challenges

    • TaxSlayer deals with some of the most personal and sensitive data out there.
    • While they were using a variety of application security testing solutions, they worried vulnerabilities were falling through the cracks.
  • Outcomes

    • A private bug bounty program allowed TaxSlayer to harness the power of the Elite Crowd in a more controlled environment.
    • TaxSlayer not only uses the vulnerability information to remediate vulnerabilities but also has used it as a training tool for the security and development teams.
    • The program paid for itself in less than one month.

Security at TaxSlayer

Based out of Augusta, Georgia, TaxSlayer, a leading tax preparation and financial technology company, offers the ability for millions of Americans to electronically file their taxes. The company successfully completed more than 10 million state and federal e-filed tax returns in 2018 and processed $12 billion in refunds. TaxSlayer is highest rated for ease of use, speed of filing, best value and most trusted according to the 2017-18 American Online Tax Satisfaction Survey. TaxSlayer's customer-rated TrustScore is 8.5 out of 10 on Trustpilot. Given the nature of their business, having security built into its software is paramount.

Ease of Use & Cost Effectiveness


While TaxSlayer wanted to employ the expertise of independent, unbiased researchers outside of the organization for breadth and depth of testing, they also wanted the flexibility to tailor their testing pool based on specific skill sets.

Private bug bounty programs allow organizations to harness the power of the Elite Crowd – diversity of skill and perspective at scale – in a more controlled environment. At Bugcrowd, only researchers with a proven track record, those who have demonstrated their skill and trustworthiness, receive invitations to private programs. Private programs can be scoped or built around a customer’s testing needs and parameters. A private program can also meet requirements around background checking, ID verification or even location.

Bugcrowd provides TaxSlayer with access to Elite whitehat hackers around the world who test the front- and back-end functionality of TaxSlayer’s professional and individual tax preparation products. With help from Bugcrowd, TaxSlayer offers a secure and reliable product for the millions of Americans that use its service.

For TaxSlayer, implementing a bug bounty program with Bugcrowd was a no-brainer, freeing up internal resources and demonstrating a return on investment immediately.

The vulnerability information we receive from the program has proven to be a valuable tool in training our internal employees on what to look for, and how to use the tools associated with doing application security testing.

Michael Blache, CISO

The Program Paid for Itself

Prior to running a bug bounty program with Bugcrowd, TaxSlayer lacked visibility. While they were using a variety of application security testing solutions, they worried vulnerabilities were falling through the cracks. Implementing a bug bounty program with Bugcrowd provided the visibility TaxSlayer needed to quickly find critical vulnerabilities.

More Secure Coding

TaxSlayer not only uses the vulnerability information to remediate vulnerabilities; the company has also used it as a training tool for the security and development teams. Bugcrowd hackers provide a lot of detail about how to replicate the bugs, and the remediation steps and resources include details on how to avoid the vulnerability in the future. TaxSlayer uses this information to train their internal teams.

The Bugcrowd Advantage

Bugcrowd simplifies and streamlines vulnerability disclosure and remediation. With the largest, most experienced team for managed crowdsourced security programs, Bugcrowd has 4x more experience managing bug bounty programs than the competitor.

  • An all-in-one platform for simplified vulnerability reporting and solution management.
  • Comprehensive onboarding for each program: Program briefs, with scope, rewards and rules/regulations, drive accurate, actionable submissions with less noise.
  • Expert triaging: Eliminates clean-up work for the internal security team for faster risk reduction.
