Bugcrowd

Bugcrowd is a company that participated in the Startmate 2013 cohort and raised an estimated $48,650,000.

Bugcrowd is a developer of an open-source and crowdsourced cybersecurity platform designed to provide organizations with customized security testing programs to identify security problems. The company offers services which include penetration testing, vulnerability disclosure, and attack surface management to help organizations protect digital assets. The platform uses the insights and abilities of security researchers and artificial intelligence (AI) tools to provide the security testing and actionable insights.

Bugcrowd, headquartered in San Francisco, was founded in 2012 by Casey Ellis, Chris Raethke, and Sergei Belokamen. Bugcrowd is a company that participated in the Startmate 2013 cohort.

Bugcrowd is built around a two-sided security marketplace in which Bugcrowd crowdsources coders who apply to join the platform by demonstrating their skills, and these coders may be all sorts, including hackers, freelancers, or people looking to pick up spare work. These coders are then matched based on their skills with bounty programs in the works amongst clients, clients who can range from other technology companies through to any enteprise or organization whose operations rely on technology in order to work. This is developed in order to help organizations stay ahead of attack vectors and stay ahead of new and evolving exploits with the community response and the ingenuity of a crowd at finding vulnerabilities.

Bugcrowd offers penetration-testing-as-a-service which helps users to meet compliance goals and is intended to help those organizations reduce risk. Bugcrowd's penetration testing suite offers this service with transparency into the results through dashboards, while Bugcrowd uses their crowdsourcing technology - the CrowdMatch artificial intelligence of their platform - to match qualified and engaged penetration testing teams to meet organizations requirements and get organizations the testing they want. The Bugcrowd model also uses a "pay for impact" incentivized testing model which rewards pentesters based on results rather than effort.

Bugcrowd's Managed Bug Bounty sources and incentivizes skilled and trusted hackers on demand to find hidden vulnerabilities across an attack surface to help organizations uncover high-impact flaws than traditional testing.

Bugcrowd also offers a vulnerability disclosure program (VDP) in which an organization can make a public appeal for a vulnerability report, and which Bugcrowd helps bysetting rules of engagement for the public and allows users to test vulnerabilities in public-facing assets. The VDPs are run on Bugcrowd's security knowledge platform, and are managed to provide submission channels, triage, integration, and reporting with past customer data and experiences.

Bugcrowd offers attack surface management (ASM) which uses Bugcrowd's crowdsourced intelligence, technology, and data to help organizations uncover hidden or forgotten assets and assign and prioritize risk to those assets.

Bugcrowd also offers a vulnerability rating taxonomy (VRT) to provide a common understanding of risk severity for both customers of Bugcrowd's platforms, and the researchers and hackers which work to find vulnerabilities.