Crawl, Walk, Run: How Twilio Has Successfuly Harnessed the Power of the Crowd for Years

Download Case Study

Twilio, the cloud communications company out of San Francisco, CA, is an early adopter and innovator in the cybersecurity domain. Although they have consistently prioritized Product Security, they wanted to concentrate their efforts on the areas of greatest risk. To help augment their internal and external testing efforts, they turned to the crowd to start uncovering more vulnerabilities and learn from those findings.

Solution with Bugcrowd:

  • Twilio started with a private bug bounty program and moved to a public bug bounty program.

Program Results

  • Crowdsourced testing has improved upon their existing Product Security initiatives, finding additional unknown and high-value vulnerabilities and an incredible return on investment.
  • The additional layer of triage and validation provided by Bugcrowd has allowed them to increase their vulnerability finding capabilities while freeing up resources and allowing their security team to focus on other areas of the business.
By adding the power of the talented researcher community to our Product Security program, we’ve learned a lot about how people outside the company think about our products, additional scenarios where products can be at risk and what else we could do to protect our products. We’ve used this information to put a sharper focus on the areas of greatest risk, which has been invaluable to us as we scale.
Coleen Coolidge Senior Director, Information Security

Program Facts

Program Type
Private Bug Bounty, Public Bug Bounty

Empower Your Security Team With a Crowd of White Hat Hackers to Find and Fix Vulnerabilities in Your Code Before the Bad Guys Do.