Bugcrowd Expands its Vulnerability Disclosure Program with Email Intake
With three disclosure channels, Bugcrowd’s VDP Solution empowers organizations to choose their VDP approach
Bugcrowd, the leader in crowdsourced security, announced today the release of Email Intake, the latest disclosure channel available through Bugcrowd’s Vulnerability Disclosure Program (VDP) Solution. The Bugcrowd Vulnerability Disclosure Program provides a channel and safe harbor for security researchers to submit security issues against any of an organization’s publicly facing digital assets. Through Bugcrowd’s centralized submission management platform, Email Intake further streamlines the processes of managing vulnerability submissions and meets the rising demand for a response solution to third-party reports.
“With pressure from both legislation and consumers concerned with the safeguarding of personal data, organizations are, now more than ever, embracing the work of ethical hackers,” said Casey Ellis, founder and CTO of Bugcrowd. “However, we’ve seen that many organizations are inundated by third-party vulnerability reports. With Email Intake, Bugcrowd’s VDP Solution now allows organizations to centralize incoming vulnerabilities reported via email into a single location, and more easily address identified issues.”
By adopting a VDP, organizations strengthen their security posture while establishing confidence and trust in their brand. Bugcrowd’s VDP solution provides three different disclosure channels — Email Intake, Embedded Submissions Form, and the Crowdcontrol Platform — allowing organizations to increase public awareness, gain maximum coverage, and meet legal compliance standards. With varying levels of public exposure, the three disclosure channels allow organizations to take a gradual approach to a public-facing VDP program, without becoming overwhelmed by a flood of findings.
“At Personal Capital, keeping customer data safe is a top priority. In the same way clients trust our unconflicted financial advice, they also trust us to keep their financial data secure and private,” said Maxime Rousseau, CISO of Personal Capital. “As we continue to innovate on our free award-winning tools, we work hard to ensure all threats are properly mitigated. Using services such as Bugcrowd’s Vulnerability Disclosure Program and Management is a cornerstone of this constant vigilance. Bugcrowd’s platform allows us to engage with a wide community of researchers to receive the right security information while managing noise with consistency.”
According to Gartner’s July 2017 Hype Cycle for Application Security, 2017, because CSSTPs (Crowdsourced Security Testing Platforms) “take on engagements directly with independent third-party testers and oversee various administrative and testing activities (such as vetting reported vulnerabilities), they free up application security teams to focus on digesting reported vulnerabilities and performing remediation rather than dealing with logistical processes.”
As Bugcrowd continues its mission to drive the long-term success of organization security teams and researchers around the globe, its VDP solution, bolstered by Email Intake, allows organizations the flexibility and confidence to protect themselves and their assets from the cyber threat landscape.
Email Intake is available starting today. For more information, read the full release notes.
Bugcrowd is trusted by more of the Fortune 500 than any other crowdsourced security platform. Why? Because people need the increased security of a bug bounty without all the extra work and chaos. Bugcrowd cracked the code on crowdsourced security through rock-solid program management, top trusted researchers and a versatile platform. That’s how our vulnerability disclosure and bug bounty programs find seven times as many critical vulnerabilities as traditional testing. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Bugcrowd. Outhack Them All™. Learn more at www.bugcrowd.com.