Request a Demo Contact Us
Press release

CISA Selects Bugcrowd and EnDyna to Run Its Vulnerability Disclosure Policy Platform

Security-First Partnership Provides Crowdsourced Vulnerability Detection, Monitoring, and Reporting Services for Federal Civilian Executive Branch Agencies

SAN FRANCISCO – June 8, 2021 – The Cybersecurity and Infrastructure Security Agency (CISA), a federal agency of the US government, has selected Bugcrowd to launch its first federal civilian enterprise-wide crowdsourced vulnerability disclosure policy (VDP) platform in support of Binding Operational Directive (BOD) 20-01.  

CISA, through the Cybersecurity Quality Services Management Office, is partnering with Bugcrowd – the leader in crowdsourced cybersecurity, and EnDyna – a government contractor that provides technology-based solutions. CISA will offer this VDP platform service to Federal Civilian Executive Branch (FCEB) agencies which will set a new precedent for federal civilian enterprise-wide security. FCEB agencies will now be able to coordinate with the civilian hacker community. The VDP platform enables agencies to identify and monitor vulnerabilities in critical systems, by receiving security feedback from uniquely-skilled ethical hackers around the world.

CISA’s BOD 20-01, which requires all FCEB agencies to develop and publish a VDP, has opened the door for federal agencies to work with Bugcrowd’s proven crowdsourced cybersecurity platform. This will give agencies  access to the same commercial technologies, world-class expertise, and global community of helpful ethical hackers currently used to identify security gaps for enterprise businesses. Partnering with Bugcrowd, EnDyna is awarded a one year contract with four option years which will provide a key Software as a service (SaaS) component to CISA’s VDP platform. 

Bugcrowd’s unmatched triage and community management services deliver an industry-leading 96% signal-to-noise ratio and its unique CrowdControl™ Platform provides contextual vulnerability intelligence and management to reduce risk faster and drive better decisions. In addition to the CISA-funded VDP platform service, FCEB agencies can also accelerate digital transformation strategies and implement their own bug bounty programs from Bugcrowd and EnDyna, enabling them to ensure that security assessments become part of their software development lifecycle (SDLC), also commonly called as “Shifting Left”.

“As seen in the commercial and defense sectors, crowdsourced cybersecurity and vulnerability disclosure programs are a critical safeguard in helping reduce the risk of breach,” said Ashish Gupta, CEO and President of Bugcrowd. “The need for cyber resilience and risk management is unprecedented in today’s digitally connected world and the partnership between CISA and Bugcrowd provides the most powerful crowdsourced cybersecurity platform solution to address the government’s growing need for contextually intelligent security assessments to protect its vast attack surface. We are honored to be the first crowdsourced cybersecurity vendor to work with CISA on an FCEB-wide proactive defense strategy through our VDP solution.”

“We are firmly committed to enhancing government defenses and improving security operations across network infrastructures,” said Ashok Siddhanti, CEO of EnDyna. “Our fundamental goal is to radically improve the FCEB’s ability to detect and remediate security gaps within these respective agencies’ digital infrastructures, and we look forward to working with Bugcrowd to advance government security.”

For more information on Bugcrowd’s VDP solution and the Bugcrowd platform, please visit For more information on EnDyna, please visit  

“Bugcrowd”, “CrowdControl” and “Force Multiplier” are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies.

About Bugcrowd

Bugcrowd is the force multiplier™ in cybersecurity, providing access to a global network of ethical hackers who help organizations maximize the impact of their security defenses. Top Fortune 500 organizations trust Bugcrowd to manage their Pen Test, Bug Bounty, Vulnerability Disclosure, and Attack Surface Management programs. Bugcrowd’s award-winning platform combines actionable, contextual intelligence with the skill and experience of the world’s most elite hackers to help leading organizations identify and fix vulnerabilities, protect customers, and make the digitally connected world a safer place. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Learn more at

About EnDyna

Founded in 2001 and headquartered in McLean, Virginia, EnDyna’s mission is to support U.S. government’s cybersecurity, defense, occupational safety, clean environment, and public health missions through science and technology.EnDyna currently provides solutions to several U.S. government customers including Army, Air Force, Defense, EPA, Health and Human Services, Homeland Security, Interior, Labor, and Transportation. Learn more at


Allison Arvanitis
Lumina Communications for Bugcrowd