With a powerful cybersecurity platform and team of security researchers, Bugcrowd connects organizations to a global crowd of trusted ethical hackers. (bugcrowd.com)
What is Crowdsourced Security?
According to Bugcrowd, there is a fundamental imbalance between the creativity and motivations of cyber attackers and those of enterprise security defenders. Crowdsourced Security aims to eliminate this imbalance via White Hat security researchers.
Additional benefits include rapid risk reduction, cost control, and lower overheads.
Support is provided for identifying vulnerabilities in web front-end and API interfaces on servers and in the cloud, as well as on mobile and IoT (Internet of Things) platforms.
Security researchers are highly vetted and private programs are used to address concerns that enterprises might have about using Crowdsourced Security on their systems.
The following are available to enterprises:
- Vulnerability Disclosure Programs – provide a framework to securely accept, triage, and rapidly remediate submitted vulnerabilities.
- Bug Bounty – combines analytics, automated security workflows, and human expertise to find and fix more critical vulnerabilities.
- Next Gen Pen Test – combines the collective creativity of the Crowd with methodology-driven reports needed to meet compliance requirements.
- Attack Surface Management – to help quickly find, prioritize, and act upon previously unknown assets before they’re discovered by malicious attackers.
In addition to the above, live hacking events are also held; these are referred to as ‘Bug Bashes’. These events generally last 1-2 days and bring together the Enterprise teams and the top White Hat hackers to accelerate the discovery of critical vulnerabilities.
Bugcrowd works together with major companies across a number of vertical market sectors including Automotive, Financial Services, Government, Healthcare, Retail, Security, and Technology.
See here for more details.
‘Researchers’ is Bugcrowd’s term for White Hat or Ethical Hackers who participate in Bug Bounties on their Crowdsourcing Security platform.
- Targets – Web, API, iOS, Android, Automotive, Binary Apps etc.
- VRT – Vulnerability Rating Taxonomy for both hackers & customers.
- Support – this is via email but there is also a variety of resources such as:
  - Resource Library
  - Case Studies
Other facilities available to Researchers include:
- Programs – these are bug bounty programs running on the Bugcrowd platform by different companies.
- CrowdStream – a showcase of accepted and disclosed submissions on participating programs.
- Bug Bounty List – this is a public list that is the most comprehensive, up-to-date crowdsourced list of bug bounty and security disclosure programs from across the web, curated by the hacker community.
- Help Wanted – these are Private Programs that are not publicly visible and usually list a set of skill requirements to participate.
A set of learning resources is provided to help Researchers improve their skillsets:
- Bugcrowd University – security, education, and training for the White Hat hacker community.
- Bugcrowd Forum – covers topics such as Starter Zone, Recon Techniques, Web Hacking, Mobile Hacking, Car Hacking, IoT Hacking, Binary Reverse Engineering, Jobs Board, LevelUp Conference, and more.
- Leaderboard – a ranked list of Researchers together with total points from paid programs.
Are you a member of Bugcrowd who earns money from bounties on this platform or an Enterprise customer who has run programs on this platform? If so, please comment below to share your experiences and any advice you can offer.