Products
Bug Bounty Programs
Industry
Financial Services
Challenges
- TaxSlayer deals with some of the most personal and sensitive data out there.
- While they were using a variety of application security testing solutions, they worried vulnerabilities were falling through the cracks.
Outcomes
- A private bug bounty program allowed TaxSlayer to harness the power of the Elite Crowd in a more controlled environment.
- TaxSlayer not only uses the vulnerability information to remediate vulnerabilities but also has used it as a training tool for the security and development teams.
- The program paid for itself in less than one month.
Security at TaxSlayer
Based out of Augusta, Georgia, TaxSlayer, a leading tax preparation and financial technology company, offers the ability for millions of Americans to electronically file their taxes. The company successfully completed more than 10 million state and federal e-filed tax returns in 2018 and processed $12 billion in refunds. TaxSlayer is highest rated for ease of use, speed of filing, best value and most trusted according to the 2017-18 American Online Tax Satisfaction Survey. TaxSlayer's TrustScore on Trustpilot is 8.5 out of 10. Given the nature of its business, having security built into its software is paramount.
Ease of Use & Cost Effectiveness
While TaxSlayer wanted to employ the expertise of independent, unbiased researchers outside of the organization for breadth and depth of testing, they also wanted the flexibility to tailor their testing pool based on specific skill sets.
Private bug bounty programs allow organizations to harness the power of the Elite Crowd – diversity of skill and perspective at scale – in a more controlled environment. At Bugcrowd, only researchers with a proven track record of skill and trustworthiness receive invitations to private programs. Private programs can be scoped or built around a customer’s testing needs and parameters. A private program can also meet requirements around background checking, ID verification or even location.
Bugcrowd provides TaxSlayer with access to Elite whitehat hackers around the world who test the front- and back-end functionality of TaxSlayer’s professional and individual tax preparation products. With help from Bugcrowd, TaxSlayer offers a secure and reliable product for the millions of Americans that use its service.
For TaxSlayer, implementing a bug bounty program with Bugcrowd was a no-brainer, freeing up internal resources and demonstrating a return on investment immediately.
The vulnerability information we receive from the program has proven to be a valuable tool in training our internal employees on what to look for, and how to use the tools associated with doing application security testing.
The Program Paid for Itself
Prior to running a bug bounty program with Bugcrowd, TaxSlayer lacked visibility. While they were using a variety of application security testing solutions, they worried vulnerabilities were falling through the cracks. Implementing a bug bounty program with Bugcrowd provided the visibility TaxSlayer needed to quickly find critical vulnerabilities.
More Secure Coding
TaxSlayer not only uses the vulnerability information to remediate vulnerabilities; the company has also used it as a training tool for the security and development teams. Bugcrowd hackers provide a lot of detail about how to replicate the bugs, and the remediation steps and resources include details on how to avoid the vulnerability in the future. TaxSlayer uses this information to train their internal teams.
The Bugcrowd Advantage
Bugcrowd simplifies and streamlines vulnerability disclosure and remediation. With the largest, most experienced team for managed crowdsourced security programs, Bugcrowd has 4x more experience managing bug bounty programs than the competitor.
- An all-in-one platform for simplified vulnerability reporting and solution management.
- Comprehensive onboarding for each program: Program briefs, with scope, rewards and rules/regulations, drive accurate, actionable submissions with less noise.
- Expert triaging: Eliminates clean-up work for the internal security team for faster risk reduction.