Bugcrowd, the #1 crowdsourced security company, today announced several platform enhancements to help customers gain global access to the right talent for every security threat, easily secure their entire attack surface, and deliver clear ROI for their security investments. With these latest enhancements, Bugcrowd continues to redefine the future of engagement for security services and enhance customers’ security posture.
Today’s security teams are drowning in solutions that were never built to adapt as an organization and threat landscape matures. Bugcrowd offers crowdsourced security on the customer’s terms. By codifying all the unique services needed to quickly match and manage the right security skills on-demand, the Bugcrowd platform enables customers to infuse crowdsourced security anywhere throughout their existing security lifecycles – even if that changes year-to-year, or day-to-day.
With a skills gap of 62%, the global cybersecurity workforce needs to grow by 145%. Enterprises are scrambling to access security talent with focused expertise that is in alignment with their growing threat landscape. Bugcrowd continues to measure and prioritize researcher skills and trust by leveraging data through CrowdMatchTM, a sophisticated talent sourcing engine indexed by historical performance and externally enriched data. Today, the company takes its signature researcher matching capabilities further with new third-party integrations and program availability options:
- By tapping into more publicly available sources of researcher skills and performance, customers will benefit from faster deployment of a wider range of security skills with more relevant experience to their unique security concerns.
- Researchers on the Bugcrowd platform can now preview, join, or be waitlisted for private programs once customer-defined requirements are met.
“Roughly 80% of crowdsourced security programs today are private,” said Mark Milani, global head of product and engineering at Bugcrowd. “With joinable programs and updates to CrowdMatch, we’re broadening the availability of private programs to researchers, matching the right talent to any security problem, and redefining the future of engagement for crowdsourced security. This delivers the highest ROI and fastest way to find and fix security vulnerabilities across the entire attack surface.”
A fast-expanding attack surface, continued migration of business systems to the cloud, and enterprises’ uncertainty in how to best defend themselves against threats, are leading them to seek expanded coverage and flexibility. Bugcrowd has doubled down on its focus to ensure rapid and infinite program scaling by offering:
- Increased visibility: users of Bugcrowd’s Attack Surface Management solution report up to a 97% reduction in unknown attack surface.
- Increased control: more oversight over multiple programs and the ability to spin up on-demand programs through a simple wizard which defaults to proven Bugcrowd best practices
- Increased access: CrowdMatch democratizes access to researchers with the best skills to help enterprises find high-impact vulnerabilities first and provide contextual intelligence so they can fix faster. Industries like FinServ, Telecommunications, and IoT, report their first critical submission in under 1.6 days on average.
Whether they know it or not, 85% of businesses have experienced a security breach and it has now become a boardroom discussion. To help CISOs better manage budget and maximize program impact to stakeholders on their overall security posture, Bugcrowd has also introduced two new in-platform reports that can easily be shared with all stakeholders:
- Security Posture report: identifies the vulnerabilities within an organization’s technology stack against industry benchmarks and prioritize areas of improvement.
- Health and Spend report: captures program performance and spending patterns as well as context-aware recommendations for program improvements.
“Bugcrowd has completely disrupted the traditional penetration testing and vulnerability assessment market,” said Joan Pepin, CSO at Auth0. “It has become increasingly clear that the center of gravity has shifted to their crowdsourced security platform and solutions, and they have proven to be the most effective way to find security issues in our stack. Bugcrowd has quickly become a valuable partner and an essential component of moving security left into the software development lifecycle.”
“We’re increasingly investing resources to firm up the security of our systems and products, and partnering with Bugcrowd to uncover priority vulnerabilities in our known, critical assets, is part of this important investment,” said Eric Johnson, SVP and CIO at SurveyMonkey. “Their latest platform enhancements have multiplied our ROI by rapidly plugging the power of their Crowd into our diverse security lifecycle. With immediate access to the right skills for our ever-evolving security use cases, we’ve gained better insight into the health of our technology ecosystem.”
Leading companies around the world, including Mastercard, Atlassian, Fitbit, HP, Motorola, Jet.com, Square, and Twilio trust Bugcrowd for Bug Bounty, Vulnerability Disclosure, Next Gen Pen Test, and Attack Surface Management programs. For a list of public programs, visit bugcrowd.com/programs. To read customer stories, visit bugcrowd.com/customers.