It Takes a Crowd
to Defeat a Crowd
“Cybersecurity isn’t a technology problem — it’s a human one — and to compete against an army of adversaries we need an army of allies.”
CASEY ELLIS, Founder, Bugcrowd
Why Crowdsourced Security?
Crowdsourced Security is a powerful tool – used by leading edge firms such as Google and Facebook – to decrease risk. However crowdsourced security is not yet well understood across the enterprise security community. This brief will define crowdsourced security and describe why it’s a key element of any viable security architecture.
How It Works
Crowdsourced Security: A Human-Based Approach to Risk Reduction
Why it Works
True Risk Reduction
Rewards are tied to successful outcomes — finding code vulnerabilities that you need to know about.
The first hacker to find a vulnerability is rewarded, encouraging hacker to work quickly.
The more critical the vulnerability found, the bigger the reward to the hacker, driving better value.
InVision Uses Bugcrowd’s Managed Approach
“The managed approach reduced our required time and effort by at least 80%, freeing up our security team to focus on other components of our security program.”
Johnathan Hunt, VP, Information Security, InVision
READ THE CASE STUDY
Crowdsourced security supports today’s key attack surfaces, on all key platforms, as well as “the unknown.” As organizations move to cloud architectures and applications, the biggest concerns are web application front ends and APIs, which may be deployed on IoT devices, mobile apps, or on-prem/cloud. All of these can be evaluated for risk by crowdsourced security. Furthermore, a public crowd program can uncover risk in areas unknown to the security organization, such as shadow IT applications or exposed perimeter interfaces.
Using crowdsourced security lowers security costs and operational overhead. There is no agent software on applications or clients, and no software instrumentation to support. There are no network devices or virtual appliances to install and manage. There is also little to no operational waste caused by false positives or low-priority events. As security budgets come under increasing scrutiny, crowdsourcing becomes an obvious choice for simultaneously controlling costs while still aggressively protecting the business.
Explore our Offerings
Meet compliance and reduce risk with a framework to receive vulnerabilities.
Take a proactive, pay-for-results approach by actively engaging with the Crowd.
Crowdsource human intelligence at scale to discover high-risk vulnerabilities faster.
Put your security teams in the same room with the world’s top hackers.