The likes of Facebook Inc. and Twitter Inc. actively encourage the public to report security flaws in their services with the promise of financial reward, but a payout alone isn’t sufficient to make a bug bounty program successful. Equally important is the ability to reach a large number of talented individuals with the expertise to spot hidden flaws, a difficult task for companies that don’t have their own social networks. As a result, they turn to Bugcrowd Inc., which raised $15 million in funding today to increase the appeal of its crowdsourced vulnerability testing platform.
The cloud-based service has a community of over 27,000 whitehat hackers who seek out bug bounty programs posted to its board. An organization can launch an open-ended program offering payment to anyone who finds a flaw in its services and only pay for discoveries that meet the criteria outlined in the listing, which is much cheaper than hiring a consultancy that charges by the hour. Alternatively, it’s also possible to invite a group of as many as 50 users to run penetration tests against a system for a period of up to two weeks.
Either way, Bugcrowd says that its platform enables companies to find security flaws both faster and more economically than they could otherwise. The startup’s sales pitch has won over more than 250 brands since its launch in 2012, including Tesla Motors Inc., Fitbit Inc. and other big names. Its leadership team is equally impressive: Former RSA executive chairman Art Coviello is a member of the board, while founder and chief executive Casey Ellis spent 12 years working in the network protection space prior to starting the outfit.
The capital from today’s round will enable Bugcrowd to bolster its talent pool even further. In particular, the startup plans on hiring more developers to enhance the functionality of its platform, most notably the mechanism through which users share their discoveries with companies. It’s also looking to strike a number of strategic partnerships with established vendors to try and spread awareness of the service in the enterprise market. Seeing how many of the industry’s largest security providers offer penetration testing services that compete with the outfit’s platform, Casey Ellis and his team will have to be resourceful in their search for allies.