SAN FRANCISCO, Jan. 30, 2024 – Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, today launched the CrowdConnect Partner Program to empower global partners to leverage the crowd to defend against today’s fast moving cyber adversaries. The CrowdConnect Partner Program accelerates the growth and maturity of Bugcrowd’s rich ecosystem of partners by recruiting, enabling, and nurturing them to market, influence, integrate, sell and deliver cyber security solutions and offerings.

CrowdConnect stands out in the industry, offering deal protection with healthy margins and rewarding partners benefits for value and volume, rather than other programs in the market driven by complex and shifting tiers. In FY24, Bugcrowd has signed 40 new partners within CrowdConnect. Unlike other competitors in the crowdsourced security space, 100% of Bugcrowd’s reward pools goes to hackers, in line with the company’s mission to unite and empower the collective ingenuity of the hacker community.

“With Bugcrowd’s CrowdConnect, our customers were able to immediately realize the full benefits of a powerful SaaS crowdsourcing platform,” said Mike Quirin, Founder and Partner at Alchemy Tech Group. “Alchemy prides itself on its ecosystem of strong relationships with disruptive technology vendors, and our goal is to support our customers with value-driven solutions as they embark on their transformative journey, something Bugcrowd’s CrowdConnect has supported from day one.”

“Bugcrowd allows us to provide our clients with a powerful network of hackers custom fit for their organizational needs, adding to our already robust IT and cybersecurity portfolio,” said Paul Zhdanovych, Managing Director at Softprom, a leading Value Added IT Distributor in the CIS and Eastern Europe markets trusted by more than 1,200 partners. “Organizations are head to head with the challenge of a major cybersecurity skills shortage in the industry. Our partners require specialized, high-value solutions and we are laser focused on addressing their needs. Bugcrowd has been a vital partner in this by providing an immensely talented and creative hacker community via crowdsourcing.”

According to the 2023 Inside the Mind of a Hacker report, 84% of hackers believe that less than half of companies understand their true risk of being breached. And 96% of hackers agree that they help companies fill their cybersecurity skills gaps. Bugcrowd is committed to uniting organizations, hackers, and security professionals into a single, powerful SaaS platform to unlock the collective ingenuity often siloed. Within CrowdConnect, Bugcrowd helps partners strengthen their cybersecurity strategies, along with bringing partners’ clients the perfect crowdsourced talent from a trusted pool of highly skilled researchers and the best triage capabilities in the industry for reducing noise and time to remediation.

“Our guiding mission is to arm our growing partner network around the globe with a disruptive, innovative SaaS platform to proactively reduce the risk of being blindsided by today’s sophisticated threats,” said Paul Ciesielski, Chief Revenue Officer of Bugcrowd. “We’ve designed CrowdConnect to be valuable for our partners, allowing them to differentiate their products through access to our Bugcrowd Platform.

The CrowdConnect Partner Program brings together partners spanning traditional and non-traditional channels – including Resale Partners, Managed Security Service Providers, Agent/Referral Partners, Consultants/Advisors, System Integrators, Technology Alliance and Referral Partners – ensuring they never face today’s cybersecurity challenges alone. CrowdConnect provides diverse partners from around the globe with:

• Access to a highly differentiated platform that addresses multiple customer needs
• Results from Bugcrowd’s ongoing investment in the channel and reinvestment in partners
• Healthy margins and deal-registration protection
• Rewards and incentives for both volume and value partners

To learn more about CrowdConnect and how it can accelerate the growth of your company, visit: https://www.bugcrowd.com/partners/

To learn more about how the Bugcrowd Platform can equip your organization to protect itself from cyber risk, access link here. To download a copy of our recently published the Inside the Platform: Bugcrowd’s Vulnerability Trends Report, click here.

About Bugcrowd

We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch technology in our platform finds the perfect talent for your unique fight. We are creating a new era of modern crowdsourced security that outpaces threat actors.

Unleash the ingenuity of the hacker community with Bugcrowd, visit www.bugcrowd.com. Read our blog.

“Bugcrowd”, “CrowdMatch” “Security Knowledge Platform” and “CrowdConnect” are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Contact
Lumina Communications for Bugcrowd
press@bugcrowd.com
bugcrowd@luminapr.com

The post Bugcrowd Launches CrowdConnect Partner Program to Further Empower Global Ecosystem of Partners appeared first on Bugcrowd.

SAN FRANCISCO, January 24, 2024 — Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, today released its annual “Inside the Platform: Bugcrowd’s Vulnerability Trends Report.” The report highlights the types of vulnerability submissions that are on the rise today, according to global hackers. It also documents the steady adoption of public crowdsourced programs based on growing awareness and acceptance of crowdsourced security strategies.

The government industry sector saw the fastest growth for crowdsourced security in 2023 compared to 2022, with a 151% increase in vulnerability submissions and a 58% increase in Priority 1 (or P1) rewards for finding critical vulnerabilities. Other industries recording big increases in submissions included retail (+34%), corporate services (+20%), and computer software (+12%).

Over the past year, the hacker community recorded a 30% increase in Web submissions created on the Bugcrowd platform compared to 2022, an 18% increase in API submissions, a 21% increase in Android submissions, and a 17% increase in iOS submissions.

“This report offers critical context, insights, and opportunities for security leaders looking for new information to bolster their risk profiles,” said Nick McKenzie, Chief Information and Security Officer of Bugcrowd. “Looking ahead, we can use insights from this report in conjunction with other key learnings to predict what is coming next.”

McKenzie predicts that in 2024, threat actors will use adversarial AI to speed up enterprise attacks – creating more noise for defenders, not necessarily smarter attacks. In addition, and off the back of continued attacks in this space, he says that getting quality insights, coverage and continuous assurance in supply chain security, third-party risk, and inventory management processes will become increasingly important areas for security leaders. The “human risk factor” will also become more dangerous (i) based on actions by malicious insiders and misguided employees who fall prey to social engineering attacks or bypassing internal controls (intentionally or unintentionally) (ii) operationally, countering the “cyber talent skills gap” and help their security teams “scale” – organizations will certainly and more broadly adopt the crowdsourcing of human intelligence to continuously weed out unique or previously unidentified vulnerabilities that smaller, less diverse, budget, or talent strapped teams just can’t. 

The Bugcrowd Platform connects organizations with trusted hackers to proactively defend their assets against sophisticated threat actors. In this way, organizations can unleash the collective ingenuity of the hacking community to better uncover and mitigate risks across applications, systems, and infrastructure.

Crowdsourced solutions include penetration-testing-as-a-service, managed bug bounties, and vulnerability disclosure programs (VDPs). Not surprisingly, the report found that the most successful programs on the platform offered the highest rewards to hackers, generally $10,000 or more for finding a P1 vulnerability. The highest payouts for P1 vulnerability submissions are found in the financial services and government sectors. 

In the past year, enterprises also increasingly favored public crowdsourced programs over private ones, while programs with open scopes received 10X more P1 vulnerabilities than those with limited scopes. A scope is the defined set of targets listed by an organization as assets to be tested. An open scope bug bounty program imposes no limitations on what hackers can or cannot test in terms of assets that belong to the organization.

The report also examines how different hacker roles contribute to crowdsourced security, and how crowdsourced security platforms can provide powerful warning systems to uncover vulnerabilities. Several sidebars help capture the spirit of the crowdsourcing community, including sections on the changing landscape for reward ranges; the Top 5 Most Commonly Reported Vulnerability Types; and customer case studies spotlighting Rapyd and ClickHouse.

Access the Full Report

Millions of proprietary data points and vulnerabilities were analyzed for this edition of Inside the Platform. These data points were collected from across thousands of programs on the Bugcrowd Platform from January 1, 2023 to October 31, 2023.

Bugcrowd’s goal in publishing the report is to arm security leaders with key information about cyber trends which they can apply to the unique challenges facing their organizations. The report also outlines policy changes and advocacy campaigns that are being undertaken to make the Internet a safer place for ethical hacking. To download a copy of the Inside the Platform: Bugcrowd’s Vulnerability Trends Report, click here. Read our blog here. 

To learn more about how the Bugcrowd Platform can equip your organization to protect itself from cyber risk, access link here.

About Bugcrowd

We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch technology in our platform finds the perfect talent for your unique fight. We are creating a new era of modern crowdsourced security that outpaces threat actors. Unleash the ingenuity of the hacker community with Bugcrowd, visit www.bugcrowd.com. Read our blog.

“Bugcrowd”, “CrowdMatch” and “Security Knowledge Platform” are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Contact 
Nathaniel Hawthorne for Bugcrowd
Lumina Communications
press@bugcrowd.com
nathaniel@luminapr.com

PR Contact
Zonic Group Japan
担当：川合
Tel: 080-4320-6029
ykawai@zonicgroup.com

The post Open Scope Crowdsourced Security Programs Find 10X More Critical Vulnerabilities appeared first on Bugcrowd.

SAN FRANCISCO, December 19, 2023 — Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, today announced updates to the Vulnerability Rating Taxonomy (VRT) that define and prioritize crowdsourced vulnerabilities in Large Language Models (LLMs) for the first time. The VRT is an ongoing open-source effort to standardize how hacker submissions of suspected vulnerabilities are reported in an industry-standard way, and is implemented in the Bugcrowd Platform for use by hackers, customers, and Bugcrowd’s application security engineers.

This latest VRT release, which was partly inspired by the OWASP Top 10 for Large Language Model Applications, marks a milestone for the crowdsourced cybersecurity industry because it gives customers and hackers a shared understanding of how LLM-related vulnerabilities are classified and prioritized. Armed with this information, hackers can focus on hunting for specific vulnerabilities and creating targeted proofs-of-concept, while program owners with LLM-related assets can design project scoping and rewards that produce the best outcomes.

In 2016, Bugcrowd created the VRT, which is now an open-source project for customers, Bugcrowd application security engineers, and researchers to collaborate on a shared understanding of risk severity. The VRT is designed to constantly evolve in order to mirror the current threat environment. Since the VRT’s creation, hundreds of thousands of vulnerability submissions have been created, validated, triaged, and accepted by program owners on the Bugcrowd Platform. 

“Although AI systems can have well-known vulnerabilities that are found in common web applications, AI technologies like LLMs have introduced unprecedented security challenges that our industry is only beginning to understand and document,” said Casey Ellis, Founder and Chief Strategy Officer of Bugcrowd.

“This new release of VRT not only opens up a new form of offensive security research and red teaming to program participants, but it helps companies increase their scope to include these additional attack vectors,” said Ads Dawson, senior security engineer for LLM platform provider Cohere and a key contributor to the release. “I am looking forward to seeing how this VRT release will influence researchers and companies looking to fortify their defenses against these newly introduced attack concepts.”

“At Bugcrowd, we believe that the human ingenuity unleashed by crowdsourced security is the best tool available for meeting AI security goals in a scalable, impactful way that provides more visibility into security ROI,” said Dave Gerry, Chief Executive Officer of Bugcrowd. “With these AI security-related updates to the VRT, the Bugcrowd Platform is positioned as the leading option for meeting that goal.”

To learn more about how the Bugcrowd Platform can equip your organization to protect itself from cyber risk, access link here.

 Read more here: “Defining and Prioritizing AI Vulnerabilities for Security Testing” 

Register here to join our upcoming webinar: AI Safety and Compliance: Securing the New AI Attack Surface with Bugcrowd Founder and Chief Strategy Officer, Casey Ellis and Zach Long, Founder at Conductor AI.

About Bugcrowd

We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch technology in our platform finds the perfect talent for your unique fight. We are creating a new era of modern crowdsourced security that outpaces threat actors.

Unleash the ingenuity of the hacker community with Bugcrowd, visit www.bugcrowd.com. Read our blog.

Based in San Francisco, Bugcrowd is supported by Rally Ventures, Costanoa Ventures, Blackbird Ventures, Triangle Peak Partners, and others.

“Bugcrowd”, “CrowdMatch” and “Security Knowledge Platform” are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Contact 
Nathaniel Hawthorne for Bugcrowd
Lumina Communications
press@bugcrowd.com
nathaniel@luminapr.com

The post Bugcrowd Platform Implements Industry-First AI Vulnerability Rating Taxonomy for LLMs appeared first on Bugcrowd.

SAN FRANCISCO, October 10, 2023 — Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, today announced significant global customer momentum, highlighting the market need for Bugcrowd’s crowdsourced cybersecurity platform. The company’s rapidly growing customer base includes top brands such as ExpressVPN, Rapyd and T-Mobile, which have chosen to partner with Bugcrowd for one or more of its Bug Bounty, Penetration Testing and Vulnerability Disclosure Programs.

Serving nearly a thousand organizations worldwide, Bugcrowd empowers customers and hackers to unleash their ingenuity to protect brands and intellectual property. The company drove over 50% growth in payments to the hacker community through customer programs, amplifying a pivotal time of remarkable growth and innovation for the Bugcrowd Platform.

ExpressVPN, an industry-leading privacy and security company, chose Bugcrowd for its world-class team of hackers that had skills expertly matched to their unique scope. The company’s goal is to allow users to take control of their internet experience – with privacy and security at its core – and Bugcrowd makes this possible by streamlining the reporting, remediation, reward and disclosure processes of a public bug bounty program. ExpressVPN has been harnessing Bugcrowd’s powerful and highly-scalable Vulnerability Disclosure and Bug Bounty programs to protect their data and customers for over three years.

Bugcrowd’s latest customers include U.K.-based fintech company Rapyd, who chose Bugcrowd for its ability to support organizations around the globe in scaling their security programs to meet rapid organizational growth. During a time of major acquisitions and the need for more focused API testing, the 500+ Rapyd team transitioned to Bugcrowd in order to leverage the company’s highly specialized team of hackers that fit their exact needs. Bugcrowd’s CrowdMatch technology, which enables precise crowd matching, allows organizations to connect with the right hackers for Rapyd’s needs. In one year, the team found 40 total vulnerabilities, 15 of which were critical.

Top customers also include T-Mobile, the U.S.’ leader in 5G with the largest, fastest and most awarded 5G network in the country. T-Mobile and Bugcrowd launched a revamped public bug bounty platform to invite hackers to find vulnerabilities in T-Mobile’s applications and websites. T-Mobile evaluates the reported vulnerabilities and takes appropriate action.

“We pride ourselves in partnering with our world-class customers as they take back control and outpace threat actors. This remains our ultimate goal and it’s why Bugcrowd is trusted by nearly 1,000 organizations around the world,” said Dave Gerry, CEO of Bugcrowd. “We unite our customers with trusted hackers that fit their specific risk profile and attack surface, paving the way for a new era of cybersecurity, one that is flexible, scalable and efficient. These are only a few examples of the hundreds of brands that continue to transition from other vendors in the space to Bugcrowd in order to meet their security goals, and I’m elated to witness another year of unprecedented growth of our customer base.”

To learn more about how the Bugcrowd Security Knowledge Platform can equip your organization to protect itself from cyber risk, click the link here.

Visit Bugcrowd’s Booth #114 at the Australian Cyber Conference 2023 in Melbourne, Australia, on Oct. 17-19, hosted by the Australian Information Security Association.

About Bugcrowd

We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch technology in our platform finds the perfect talent for your unique fight. We aim to create a new era of modern crowdsourced security that outpaces threat actors. Unleash the ingenuity of the hacker community with Bugcrowd, visit www.bugcrowd.com. Read our blog.

Based in San Francisco, Bugcrowd is supported by Rally Ventures, Costanoa Ventures, Blackbird Ventures, Triangle Peak Partners, and others.

“Bugcrowd”, “CrowdMatch” and “Security Knowledge Platform” are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Contact 
Nathaniel Hawthorne for Bugcrowd
Lumina Communications
press@bugcrowd.com
nathaniel@luminapr.com

The post Bugcrowd Announces Rapid Growth of Customer Base Year Over Year appeared first on Bugcrowd.

SAN FRANCISCO, Sept. 19, 2023—Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, today announced the appointment of Rally Ventures Partner and former Bugcrowd interim CEO Michael Jennings as Board Chair and Netskope APAC Chief Information Officer & Chief Security Officer David Fairman to its Advisory Board, along with a handful of top technology veterans to its leadership team. The appointments come at a time of significant expansion of the company’s global workforce and market depth of the platform, along with unprecedented revenue growth.
“I am thrilled to take on the additional responsibilities of the Board Chair role at Bugcrowd as they continue to pioneer the crowdsourced cybersecurity market,” said Jennings.

“This is a pivotal point in the company, with unprecedented growth and expansion into new markets, and a fast-growing team of industry giants and elite hackers. I am proud to continue supporting them as they continue to usher in a new era of cybersecurity.”

Michael holds over 30 years in IT leadership and business development. Prior to joining Rally Ventures in 2018, he was CEO of Secure-24, a leading provider of comprehensive managed IT services, where he led the company through nearly 200% growth over 6 years and the successful sale to NTT Communications in 2018. He was also the co-founder, Chief Technology Officer and Senior Vice President of Business Development at Appshop, a leading provider of hosted Oracle application and database technology.

David Fairman has held leadership roles at NAB, Royal Bank of Canada, JP Morgan Chase and Royal Bank of Scotland and Fortune 500 companies across the UK & EU, North America and APAC. David holds a number of positions on boards of directors for various cyber and fraud tech companies and was a founding member of the Security Advisor Alliance, and the Canadian Cyber Threat Exchange. His ability to understand the operational risks arising from digital commerce and translate these into strategic actions has led to the transformation of organizational cyber risk posture around the globe.

“The security and resilience of internet services is imperative to ensure trust in today’s digital ecosystem.  I value Bugcrowd’s mission and commitment to unlock the collective ingenuity of researchers to combat threat actors, working together as a community to make the digital world a safer place for business,” said Fairman, who also serves as Netskope’s Chief Information Officer for APAC. “I have personally seen the benefits of this as a Bugcrowd customer both in my current position and in previous roles and I am eager to join the Advisory Board, so that I can support the fast-growing team as they help customers stay ahead of today’s aggressive and persistent cyber threats.”

These appointments come during a time of fast workforce growth for the company, with new offices opening in San Francisco and New Hampshire, and key hires and promotions among the leadership team. This includes:

• Kent Wilson, Vice President of Global Public Sector Sales, is a seasoned cybersecurity leader with more than two decades of experience supporting the public sector. Kent served in the US Army with the 82nd Airborne as an infantry leader before turning his focus to cybersecurity. Kent excels in guiding early and growth-stage companies to establish high-performing public sector sales teams. He joins Bugcrowd from SimSpace Corporation, where he was VP of Sales Engineering. Prior to that, he held sales leadership roles at Bricata, Rapid7 and Symantec.
• Shyam Ramamurthy, Vice President of Engineering, has over three decades of experience as a technology leader, product builder and entrepreneur. Prior to Bugcrowd, he was a technology executive with Google leading the development of Android OS, Google Play and Google co-branded smartphones for emerging markets. Before his role at Google, he was a product and tech executive with organizations like Amazon and Yahoo where he built massively scalable AI/ML/Tech platforms across advertising, media, search and mobile tech ecosystems. As an entrepreneur, he also bootstrapped and successfully exited startups in the education-tech and financial-tech industries.
• Jennifer Hood, Vice President of People, is a seasoned HR executive with over two decades of experience across multiple industries – technology, healthcare and retail. Most recently, she served as SVP of HR at Red River, a technology transformation company where she oversaw employee engagement along with diversity, equity and inclusion.
• Michael Skelton, newly promoted Vice President of SecOps & Hacker Success, was previously Senior Director of Security Operations at Bugcrowd. Michael has a passion for helping maximize the productivity, engagement and growth of the Bugcrowd hacker community. He is a longtime leading expert in hacking and pentesting, and is also a co-organizer of security conference BSides Gold Coast, and SecTalks Gold Coast. Prior to joining Bugcrowd, Michael was a top hacker on the Bugcrowd platform, and made notable contributions to the bug hunting landscape, including being a co-author of Subfinder, which is widely used and appreciated among the broader cybersecurity community for its functionality.

“I am delighted to have both industry leaders Michael Jennings and David Fairman join the Bugcrowd team,” said Dave Gerry, Chief Executive Officer of Bugcrowd. “It’s vital to have the best, most seasoned leaders on our team in order to continue to accelerate our growth in an extremely fast-moving security market. These appointments, the hiring of Jenn, Kent, and Shyam, and the promotion of Michael demonstrate the massive opportunity we see for Bugcrowd, our customers, the hacker community and our incredible team.”

Bugcrowd is also thrilled to announce the grand opening of their second office in New Hampshire. The company is seizing the opportunity to hire incredible talent and the value of providing flexible options for teams to meet in-person, while also embracing the collaboration and flexibility of remote work, as they continue to commit to the team’s well-being and global productivity. This new physical presence in New Hampshire is indispensable to Bugcrowd, as it brings the company’s innovative, collaborative culture to the surrounding community.

Bugcrowd has experienced significant new business and revenue growth over the past year, ushering into the market new Pentesting-as-a-Service capabilities within the Bugcrowd Security Knowledge Platform and releasing new research on the impact of AI on hacking, pulling from its rich network of hackers paving the way for efficient security defenses.

To learn more about how the Bugcrowd Security Knowledge Platform can equip your organization to protect itself from cyber risk, click the link here.

About Bugcrowd
We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch technology in our platform finds the perfect talent for your unique fight. We aim to create a new era of modern crowdsourced security that outpaces threat actors.

Unleash the ingenuity of the hacker community with Bugcrowd, visit www.bugcrowd.com. Read our blog.

Based in San Francisco, Bugcrowd is supported by Rally Ventures, Costanoa Ventures, Blackbird Ventures, Triangle Peak Partners, and others.

“Bugcrowd”, “CrowdMatch” and “Security Knowledge Platform” are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Contact 
Nathaniel Hawthorne for Bugcrowd
Lumina Communications
press@bugcrowd.com
nathaniel@luminapr.com

The post Bugcrowd Supercharges Leadership Team and Appoints New Board Chair and New Advisory Board Member appeared first on Bugcrowd.

LAS VEGAS—August 9, 2023—Appdome, the one-stop shop for mobile app defense, announced that Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, joined its new Mobile App Defense Project, a community program aimed at improving mobile DevSecOps for everyone. This collaboration aims to create a more secure mobile app economy, raise the bar on mobile app defense, and provide rapid, validated, continuous cyber and anti-fraud solutions for all mobile applications globally.

As mobile application use and revenues continue to rise dramatically, mobile application security testing is a hot topic and fast emerging discipline in the economic landscape. Cyber threats, attacks, tools, methods, and techniques targeting Android and iOS apps, infrastructures, and users continue to evolve and proliferate. The Mobile App Defense Project is designed to harness the collective strength of the global pen testing community to provide state of the art cybersecurity, anti-fraud, anti-malware, and other solutions in mobile applications worldwide.

“Sophisticated threat actors are targeting mobile applications relentlessly,” said Dave Gerry, CEO of Bugcrowd. “By collaborating in Appdome’s Mobile App Defense Project with Bugcrowd’s proven expertise in crowdsourced security, together, we are helping organizations adopt mobile applications with comprehensive protection against vulnerabilities. This collaboration exemplifies our shared commitment to driving excellence in mobile app security and our dedication to staying ahead of threat actors before they strike.”

Through this program, Appdome will collaborate with Bugcrowd, renowned for its expertise in identifying exploits and vulnerabilities, and conducting rigorous security assessments of mobile applications. By integrating the services and recommendations provided by Bugcrowd, Appdome aims to streamline cybersecurity delivery for all mobile apps.

“Bugcrowd’s multi-solution cybersecurity platform has always impressed me,” said Tom Tovar, CEO of Appdome. “I love the agility and speed of delivery that Bugcrowd offers and that matches our ethos of getting cyber and anti-fraud defenses out in the mobile app economy fast.”

As a community project, Appdome will also contribute its cyber and threat research to the community, as well as fund education, awareness, and other programs to benefit mutual customers and the broad cyber community defending mobile brands, businesses, and users.

For more information on the Mobile App Defense Project see www.appdome.com.

About Bugcrowd

We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and a trusted alliance of elite hackers, with our patented AI-powered Security Knowledge Platform, built on the industry’s richest repository of vulnerabilities, assets, and hacker profiles carefully curated over a decade. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and ML-driven CrowdMatch technology finds the perfect talent for your unique fight. We aim to create a new era of modern crowdsourced security that outpaces threat actors by unleashing collective ingenuity and instilling confidence.

Based in San Francisco, Bugcrowd is supported by Rally Ventures, Costanoa Ventures, Blackbird Ventures, Triangle Peak Partners, and others.

Outpace threat actors before they strike with Bugcrowd, visit www.bugcrowd.com. Read our blog here.

Bugcrowd: Ingenuity Unleashed.

The post Appdome and Bugcrowd Collaborate to Strengthen Cyber Security Defense for Mobile Application Adoption and Delivery appeared first on Bugcrowd.

SAN FRANCISCO—July 12, 2023—Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, today released its annual Inside the Mind of a Hacker report for 2023, which found that 72% of hackers believe artificial intelligence (AI) will not replace the creativity of humans in security research and vulnerability management.

The report delves into a wide range of topics, including the impact of AI on security, a peek at what professional hackers look like, and the state of hacking.

The Impact of AI and the Rise of Generative AI Hacking

Generative AI was a major theme in the 2023 report, with more than half of respondents (55%) saying that it can already outperform hackers or will be able to do so within the next five years. However, hackers aren’t worried about being replaced, with nearly three out of four respondents (72%) saying that generative AI will not be able to replicate the creativity of hackers.

When asked how generative AI is being used, the top functions that hackers mentioned were automating tasks (50%), analyzing data (48%), identifying vulnerabilities (36%), validating findings (35%), and conducting reconnaissance (33%). Nearly two out of three respondents (64%) believed that generative AI technologies have increased the value of ethical hacking and security research.

The uptick in AI usage among hackers aligns with guidance from the U.S. Department of Defense in 2022 and President Biden’s Cybersecurity executive order, EO 14028 where he noted “The value of harnessing AI in cybersecurity applications is becoming increasingly clear…The methods show great promise for swiftly analyzing and correlating patterns across billions of data points to track down a wide variety of cyber threats in the order of seconds.” 

Challenging and Confirming Hacker Stereotypes

Most hackers were Gen Z aged 18–24 (57%) or Millennials 25–34 (28%). Nevertheless, the stereotype of the teenage hacker proved to be more accurate than its counterpoint in Gen X phreakers, with 5% being under 18 and only 2% being over 45. Additionally, the trope of hackers being disproportionately male proved true, based on this research, with 96% of respondents identifying as male and just 4% as female, with another 0.2% identifying as non-binary or genderqueer.

Most hackers (82%) do not hack full time, treating it either as a part-time job, side hustle, or something they are in the process of making a full-time occupation. Only 29% described hacking as their full-time profession. The motivations for ethical hacking were varied, but the top incentives included personal development (28%), financial gain (24%), excitement (14%), and the challenge (12%). Another 6% of respondents said they hack for the greater good, and 87% said that reporting a vulnerability is more important than making money from it.

While more than half of the respondents have graduated from college (54%) and 14% completed grad school, only 24% learned to hack through academic or professional coursework. The majority of hackers (71%) were self-taught, with most learning to hack through online resources (84%), while others learned through trial-and-error (40%) or friends and mentors (34%).

The State of Hacking and Vulnerability Management

Views varied on how many companies understand their true risk of being breached, with 27% of respondents saying that less than 10% of companies really understand their risk. Another third of respondents (33%) said that 10–25% of companies understand their risk, but only 16% said that more than half of companies understand their true risk of being breached.

The respondents painted a mixed picture of the global threat landscape, with 84% saying there have been more vulnerabilities since the start of the COVID-19 pandemic and 88% saying point-in-time security testing is not enough to keep companies secure. Nevertheless, 78% of respondents said that most companies’ attack surfaces are getting harder to compromise, and 89% said that companies increasingly view ethical hackers in a favorable light.

Nearly two-thirds of respondents (63%) reported finding a new vulnerability in the past 12 months that they had not encountered before. In addition, more than half of the respondents (54%) said they did not disclose a vulnerability because a company lacked a clear pathway to report it without risking legal consequences.

Hacking is increasingly leveraged for career development, as 42% of respondents said that building long-term relationships with security decision-makers and brands was one of their top goals when hacking on Bugcrowd. In addition, over half of the respondents (53%) said hacking has helped them get a job working remotely.

Access the Full Report

“With this report, more hackers are stepping out from the shadows of their stereotypes to tell real stories and redefine what hacking looks like as a career path,” said Dave Gerry, CEO of Bugcrowd. “As global enterprise AI adoption reaches critical mass, Bugcrowd is proud to stand at the coal face of security research, and we are thrilled that more organizations are tapping the diverse skills and expertise of hackers—at just the right time—through our platform.”

The survey included 1,000 respondents from 85 countries, including the United States, Australia, Brazil, Canada, Ethiopia, India, France, Jordan, Singapore, and the United Kingdom.

Readers of this report will better understand how ethical hackers reduce risks for organizations, provide one of the most significant security returns on investment, and accelerate digital transformations. To download a copy of the Inside the Mind of a Hacker—2023 report, click here.

About Bugcrowd

Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, combines data and ML-driven crowd-matching with decades of applied experience to bring the right human creativity to the right problem at the right time. Trusted by organizations across the globe, the Bugcrowd Security Knowledge Platform enables businesses to find hidden vulnerabilities across their entire attack surface before they can be exploited by utilizing the knowledge of world-class hackers. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures, and Triangle Peak Partners. For more information, visit www.bugcrowd.com.

“Bugcrowd” and “Security Knowledge Platform” are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Contact

Nathaniel Hawthorne for Bugcrowd

Lumina Communications

press@bugcrowd.com

nathaniel@luminapr.com

The post Hackers Say Generative AI Unlikely to Replace Human Cybersecurity Skills—Bugcrowd Survey appeared first on Bugcrowd.

, the only multi-solution crowdsourced cybersecurity platform provider, have signed a partner agreement covering Europe and much of central Asia. Softprom will now market and distribute Bugcrowd’s industry-leading Security Knowledge Platform in the European Union, Switzerland, Armenia, Azerbaijan, Georgia, Kazakhstan, Kirghizia, Moldova, Ukraine, Uzbekistan, Tajikistan and Turkmenistan.

The partner relationship expands Bugcrowd’s ability to serve new markets and territories and highlights the company’s consistent growth within the channel ecosystem, as it is one of Bugcrowd’s channel first initiatives.

“Crowdsourcing is a global trend and we are pleased to offer IT security outsourcing services for corporate customers through our partner network. By selling services of the BugCrowd platform, such as ethical hackers from Eastern Europe, we help local economies and increase the security of our customer’s assets,” said Paul Zhdanovych, Managing Director at Softprom Group.

“Cybersecurity is a borderless  issue; every organization in the world is a target. The cybersecurity skills shortage is also global, making it difficult for companies to retain the skills they need to secure  their security posture, said Jason Cowie, VP of Global Channel Sales and Strategic Alliances, Bugcrowd. “This partnership is a step forward as we continue to level the cybersecurity playing field for everyone, everywhere to beat attackers at their own game.” 

According to recent Qualys research, it takes attackers an average of just under twenty days to weaponize a vulnerability, while it takes defenders an average of thirty days to patch, leaving eleven days of potential exploitation. In our increasingly global and distributed workforce, organizations are realizing the need for continuous, real-time security solutions that establish a proactive, rather than reactive, security posture towards these aggressive and ever-evolving threats. 

With this partner relationship, Softprom will market and distribute Bugcrowd’s multi-solution portfolio to its rich network of customers to address these increasing threats around the globe. Trusted by over 1,200 partners, Softprom increases customer effectiveness by providing high-quality IT solutions and services across thirty countries. 

The Bugcrowd Security Knowledge Platform

The only multi-solution security platform that powers pen testing as a service, bug bounty, vulnerability disclosure programs (VDPs), and attack surface management to bring the right human creativity to the right problem at the right time to disrupt threat actors at their own game. 

Penetration Testing as a Service (PTaaS)

• Bugcrowd PTaaS enables customers to launch a human-driven, high-impact pen test with a team matched to their precise needs with just a few clicks, cutting configuration time from days to hours.
• Bug Bounty built on the Bugcrowd Security Knowledge Platform, Bugcrowd’s bug bounty proposition comprises:
  ML-driven crowd matching (CrowdMatch) engineered triage; and data-driven insights derived from a decade of experience across 1000s of customer experiences.

Vulnerability Disclosure Program (VDP)

• Bugcrowd vulnerability disclosure program (VDP) sets the rules of engagement for the public to submit vulnerability reports about public-facing assets and then coordinates how they’re handled internally. Also built on the Bugcrowd Security Knowledge Platform, Bugcrowd’s managed VDPs provide submission channels, triage, integration, and reporting, with data from thousands of past customer experiences informing everything that happens.

Attack Surface Management

• Bugcrowd’s ASM solution provides technology and data that enables customer organizations to uncover hidden or forgotten assets (Asset Inventory), and then assign and prioritize risk to them (Asset Risk). The most thorough assessment of attack surface risks available, Bugcrowd ASM goes far beyond what other solutions do to help understand, and assign risk to all digital assets.

To learn more about Bugcrowd products, go here. 

The Bugcrowd team will be at Infosecurity Europe at ExCeL London June 20 – 22! If you are interested in meeting with the executive team to see how the Bugcrowd Platform can solve your cybersecurity challenges, visit the link here. You can also learn more about the many opportunities to connect with the team throughout the conference at the link here.

About Bugcrowd

Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, combines data and ML-driven crowd matching with decades of applied experience to bring the right human creativity to the right problem at the right time. Trusted by organizations across the globe, The Bugcrowd Security Knowledge Platform enables businesses to find hidden vulnerabilities in their entire attack surface before they can be exploited by utilizing the knowledge of world-class ethical hackers. Based in San Francisco, Bugcrowd is supported by Rally Ventures, Costanoa Ventures, Blackbird Ventures, Triangle Peak Partners and others. 

Protect your organizations with Bugcrowd, Right Platform, Right Crowd, Right Time, visit www.bugcrowd.com.

“Bugcrowd”, “CrowdMatch”, “Right Platform, Right Crowd, Right Time”,  and “Security Knowledge Platform” are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies.

About Softprom

Softprom is a leading IT Distributor in Eastern & Central Europe, and the CIS with a portfolio of more than one hundred vendors. The company was founded in 1999 and nowadays it is represented on the territory in more than 30 countries. Softprom provides professional testing, training, installation, implementation, and technical support services in directions: Cyber Security, Cloud, IT Infrastructure, Video Security, CAD & Graphics. More information: softprom.com 

The post Softprom Signs a Partner Agreement with Bugcrowd to Democratize Crowdsourced Cybersecurity to Serve New Markets appeared first on Bugcrowd.

AUSTIN, TX and SAN FRANCISCO, CA / MAY 31, 2023 / Testlio, a leader in crowdsourced software quality testing, and Bugcrowd, a leader in crowdsourced cybersecurity, today announced they are partnering to offer companies comprehensive quality and security testing services that capitalize on the unique efficiency benefits of crowdsourced testing. The alliance builds upon existing market momentum for crowdsourced testing as a solution to address both a skills gap and fulfill challenging product verification scenarios that require a diversity of locations, devices, users, and transaction types. 

The current economic climate dictates that DevSecOps teams must find more cost-efficient ways to continuously deliver high-quality and secure digital customer experiences. Crowdsourced testing offers scale efficiencies by extending internal expertise and capacity with on-demand access to a global network of skilled quality and security experts. Bugcrowd and Testlio make it easy to reap these benefits with a platform-powered approach that manages the scale up and down of capacity to meet the evolving cybersecurity and quality assurance talent and coverage needs of the business.

“Economic headwinds require companies to rethink business as usual operating models. CTOs, CISOs, and product leaders must enact more capital efficient systems to fulfill digital forward strategies,” said Emeka Obianwu, Vice President, Alliances & Acquisitions for Testlio. “The Bugcrowd and Testlio alliance addresses a core requirement for digital programs which is to secure and quality assure software applications. It also unlocks a very time relevant benefit by employing an operating model for testing that allows product teams to do more with less.”

The fast-paced nature of modern software delivery requires historically siloed development, quality and operations teams to work together to quickly roll out software that works and protects as intended. Modern DevSecOps aims to remove these silos by invoking quality assurance and security earlier in the process. Bugcrowd and Testlio customers can also benefit from continuous, “shift left” crowdsourced testing which offers broader test coverage earlier in the software delivery process so product issues are identified and resolved faster.  

“Testlio and Bugcrowd each have a strong track record of helping enterprises successfully integrate crowdsourced testing into their quality assurance and security strategies respectively,” said Jason Cowie, Vice President,Global  of Alliances for Bugcrowd. “This alliance is about the next chapter of the value creation opportunity, offering a consistent approach across the security and quality domains so enterprises can take advantage of the economics and effectiveness of crowdsourced testing in more areas across the software development and operations lifecycle. ”

Through the alliance, Testlio and Bugcrowd will collaborate on joint solution development, “shift left” crowdsourced testing thought leadership, and joint customer delivery and support. You can learn more about Testlio’s crowdsourced testing solution here and BugCrowd’s crowdsourced cybersecurity solutions here.

 About Testlio

Testlio is a software testing company. We are the originator of fused software testing, a unique approach to testing that combines humans and machines to help digital innovators deliver quality products at scale. In any location. On any device. In any language. The company is distributed by design, with full-time people worldwide and part-time QA and QE freelancers in over 150 countries. Clients include Amazon, athenahealth, Microsoft, the NBA, Netflix, PayPal, Wayfair, and many more. Collectively, they have awarded us an industry-leading 4.7 G2 rating. To learn more, visit www.testlio.com.

About Bugcrowd

Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, combines data and ML-driven crowd matching with decades of applied experience to bring the right human creativity to the right problem at the right time. Trusted by organizations across the globe, The Bugcrowd Security Knowledge Platform enables businesses to find hidden vulnerabilities in their entire attack surface before they can be exploited by utilizing the knowledge of world-class ethical hackers. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures, and Triangle Peak Partners.

Protect your organizations with Bugcrowd, Right Platform, Right Crowd, Right Time, visit www.bugcrowd.com. 

“Bugcrowd” and “Security Knowledge Platform” are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies.

The post Testlio and Bugcrowd Join Forces to Deliver Comprehensive Quality and Security with Crowdsourced Testing for More Cost Efficient DevSecOps appeared first on Bugcrowd.

SAN FRANCISCO – April 19, 2023 — Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, today announced new capabilities in its Penetration Testing as a Service (PTaaS) offering that enables buyers to purchase, set up, and manage pen tests directly online without a need for lengthy sales calls and scoping sessions. PTaaS is one of several solutions delivered on the Bugcrowd Security Knowledge Platform.

Legacy pen test solutions are slow, nontransparent, and low impact, and other PTaaS providers deliver what are often shallow vulnerability assessments–with neither offering access to pentester skill sets that many customers need. Bugcrowd now enables customers to buy, set up, and launch a human-driven, high-impact pen test with a team matched to their precise needs with just a few clicks, cutting configuration time from days to hours.

Bugcrowd’s Standard Pen Tests for External Web Apps and External Networks are now available in three different sizes through this new self-service experience. Bugcrowd offers the only platform-driven PTaaS through its Security Knowledge PlatformTM, which includes a rich Pen Test Dashboard for real-time access to test status, analytics, prioritized findings, and methodology progress. And, unlike other providers that take a cookie-cutter approach to sourcing pentesters, the Bugcrowd Platform’s proprietary CrowdMatchTM technology uses machine learning to match precisely the right trusted testers to customer needs on demand based on a variety of parameters, such as skill sets, availability, and ability to deliver high-quality results.

“Bugcrowd is on a journey to transform pen tests from what are currently cumbersome consulting projects into agile, high-impact, highly engineered products that can be procured, scoped, and delivered ‘as a service’ through a multi-solution SaaS platform,” said Dave Gerry, CEO of Bugcrowd. “With this announcement,  we’re democratizing security testing to empower organizations to quickly access the expertise of the crowd and transform the end-to-end experience for buyers and testers alike.”

Bugcrowd at the RSA Conference, April 24-27 in San Francisco

• Visit our Booth #2438 on the RSA Expo floor for swag, demos, and conversation about the news.
• Join us for a Bugcrowd Happy Hour within steps of Moscone Center to network with peers over food and drinks. 
• Request 1:1 time with execs for a deep dive into our announcement and the value of the Bugcrowd Security Knowledge Platform.
• Register to our events here

Availability and Pricing 

Bugcrowd’s Penetration Testing as a Service (PTaaS) offering is now available globally. For more information on how to get started, visit https://ww1.bugcrowd.com/get-ptaas/.

About Bugcrowd

Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, combines data and ML-driven crowd matching with decades of applied experience to bring the right human creativity to the right problem at the right time. Trusted by organizations across the globe, The Bugcrowd Security Knowledge Platform enables businesses to find hidden vulnerabilities in their entire attack surface before they can be exploited by utilizing the knowledge of world-class ethical hackers. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures, and Triangle Peak Partners.

Protect your organizations with Bugcrowd, Right Platform, Right Crowd, Right Time, visit www.bugcrowd.com. Read our blog here. 

“Bugcrowd” and “Security Knowledge Platform” are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies.

The post Bugcrowd Announces Ability to Buy, Set Up, and Launch Penetration Tests With A Few Clicks – A First for the Industry appeared first on Bugcrowd.