UPDATED 14:49 EST / MAY 05 2023

Bugcrowd plans to transform the penetration testing market through AI and white-hat hackers

Bugcrowd Inc. has grown from a “napkin moment” sketched out by the founder on an airplane flight 11 years ago to now include an expanding ecosystem of bug bounty programs and, most recently, penetration testing as a service.

Last week, the multi-solution, crowdsourced cybersecurity platform announced new capabilities in its Penetration Testing as a Service, or PTaaS. The solution enables customers to purchase, set up and manage a pentest directly online without a lengthy sales process.

“When customers come on and they join with us, we match them with the right pentester based on the skillset of the tester and based on the customer’s environment,” said Dave Gerry, chief executive officer of Bugcrowd. “We can immediately deploy a test in a matter of hours versus weeks or months in the previous models. From there, results are shared real time back into the platform, versus waiting just for a report to be released at the end of the test.”

Gerry spoke with theCUBE industry analyst John Furrier at the RSA Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. He was joined by Casey Ellis, founder, chairman and chief technology officer of Bugcrowd, and they discussed the firm’s latest announcements and its strategy for leveraging talent in the global security community. (* Disclosure below.)

Disrupting the model

Pentesting is an authorized simulated attack on a computer system designed to evaluate its security. An ecosystem of third-party providers has developed over the years to provide this service in the cybersecurity world, and Bugcrowd saw an opportunity to leverage its white-hat hacker community to disrupt the existing pentesting model.

“It’s one of those things where pentesters aren’t the problem. It’s the pentesting; it’s how it’s done,” said Ellis, who worked as a pentester himself at one juncture in his career. “It’s so inefficient, and there hasn’t really been a reason to change it. Let’s make the whole thing faster and more effective for both sides.”

April has been a busy month for Bugcrowd and its news cycle. The company also recently announced a collaboration with OpenAI, the company behind the widely used ChatGPT, to deal with security risks in AI models.

Bugcrowd’s bug bounty program will now pay $200 to $20,000 to security researchers who identify security flaws in OpenAI systems. There are guidelines around participation in this program. Participating security analysts must follow policy rules, avoid disrupting systems and keep vulnerabilities confidential until authorized for release by OpenAI.

“We’ve basically launched their bug bounty program on our platform,” Ellis said. “They are going out to the entire audience of potential people that can be experts … and saying: ‘Help us out.’”

Data is secret sauce

Bugcrowd’s collaboration with OpenAI is another element of the company’s interest in leveraging intelligence tools for cybersecurity. The firm uses AI and machine learning to fine-tune pairing a customer with the security researcher, according to Gerry. In the end, it all comes down to data.

“In the machine learning and AI layer, we can match the right researcher at the right time,” Gerry said. “Customers are finding 2x the amount of critical vulnerabilities; researchers are making more money. Think about this as all of the telemetry data of vulnerability information, researcher information. The data really is the secret for us.”

Bugcrowd got its start by building a business around a simple concept: create a platform that connects a global community of good-faith hackers with the security problems plaguing institutions around the world. Ellis, the firm’s Australia-based founder, moved to Silicon Valley in 2013 to grow Bugcrowd and soon became the beneficiary of a major tailwind. Edward Snowden released thousands of classified documents from the National Security Agency that year, and the breach elevated global interest in security.

Bugcrowd promoted Gerry in 2022 to be its new chief executive officer. Gerry brought over a decade of experience in the security market, with previous roles in Veracode Inc. and Sumo Logic Inc. He is currently a member of the FBI’s private sector partnership group, InfraGard, which provides a vehicle for the timely exchange of information to protect critical infrastructure.

Gerry and Ellis indicated there are plans for additional news as the company continues to bet on its network of security researchers and opportunities to improve network protection in the cyberworld.

“We’re leveraging all of this latent creativity that exists in the security expert community,” Gerry said. “That’s really what Casey founded the business on. How do we connect the right researcher at the right time with the right problem? Ultimately, anything our customer wants done from a security researcher standpoint can be done by leveraging this platform.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:

Check out these highlights in Gerry and Ellis’ segment:

  • 1:52 – Bugcrowd has announced a service to sell pentesting entirely online.
  • 2:47 – Problems with the pentesting industry led Bugcrowd to find a new approach.
  • 6:33 – Bugcrowd has announced a deal with OpenAI.
  • 8:58 – Data is secret sauce, and AI helps drive the Bugcrowd engine.
  • 11:23 – Hackers can play an important role in bolstering cybersecurity.

(* Disclosure: Bugcrowd Inc. sponsored this segment of theCUBE. Neither Bugcrowd nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
