Attack surface and motivated attackers are both increasing, and organizations are often left to decide whether more humans (when available) or more technology (when affordable) will alleviate their growing coverage crisis. This year, the theme of RSA is “Human Element.” While it’s easy to believe this might be a nod to one approach over the other, the word “element” (an essential part of a whole) can’t be overlooked.
Bugcrowd believes only those organizations that can effectively balance the irreplaceable ingenuity of humans with the efficiency and scale of technology will succeed. That’s why we’re investing in both. We’re expanding our technology stack to integrate collective creativity anywhere within the security development lifecycle, for faster access to the skills that matter most, wherever and whenever you need them.
This week we’re thrilled to announce several platform enhancements designed to further this mission:
Skills Enrichment — Finding Talent in New Places
Bugcrowd has always taken great pride in the meticulous vetting process we use to activate top talent on our platform. But as our Crowd grew, so too did our need to make this process more efficient at scale. Last year we introduced CrowdMatch™, the industry’s first talent-sourcing engine indexed by personalized information and historical performance data. Today, we’re excited to announce the next iteration, with the addition of new third-party integrations that extend and enrich the data we use to quickly and accurately match program participants.
By widening where we’re looking for talent, we can ensure every program has the skills required to see success sooner. In fact, on-demand customers in high-tech industries like FinServ, Telco, and IoT have seen time to first critical submission drop to just under 1.6 days on average.
Program Expansion — Bringing Talent to You
Customers frequently cite access to more diverse security skills as one of their top benefits in working with Bugcrowd. While public programs enable participation for any security researcher on the Bugcrowd platform, more than 80% of Bugcrowd customers run private programs, which can narrow focus by skill, trust, geography, experience, or any number of other factors. To ensure these programs can still benefit from fresh perspectives and experience as they become available, Bugcrowd is excited to announce Joinable and Waitlisted program access.
Joinable programs help spread program awareness to those that fit a customer-defined set of requirements. Researchers can view anonymized program descriptions and the requirements for joining to determine whether they would be a good fit. Once requirements are met, and verified by the Bugcrowd team, researchers can self-join and immediately start hunting. This reduces friction to top talent, while improving the equity of access to such programs amongst hopeful participants.
Waitlisted programs operate in a similar fashion, though rather than self-join, researchers are invited to apply for consideration. The Bugcrowd team then works with such researchers to close any skills gaps or assist in further vetting procedures until customer-defined requirements are met.
Unlocking the Enterprise — More Control for Multiple Programs and Marketplaces
Bugcrowd supports more of the Fortune 500s than any other crowdsourced security platform. Our enterprise customers are a critical component of our commitment to highly efficient, highly customizable, and highly scalable programs. To provide full visibility and control over multiple programs running simultaneously across the enterprise, we’ve introduced enhanced support for multiple programs and marketplaces. This capability enables a single “parent” entity to configure multiple control points across a set of programs, each of which may have its own unique targets, program briefs, and researcher engagement profiles. For more on how Bugcrowd supports such offerings, check out our Marketplace solution page.
Workflow Your Way — JIRA Target Mapping
Bugcrowd is proud to offer the industry’s highest level of support and flexibility for our platform JIRA integration. Our new JIRA target mapping capability now allows JIRA projects to map directly to any in-scope targets on the bounty program. This feature provides much more control over unique asset mapping to streamline the software and security development lifecycle (SDLC).
Connect to More — Easy API Creation for Highly-enabled OEMs
As you validate vulnerability submissions, pay, or perform any number of operations, our highly configurable API ensures you’re able to slice, segment, push, and present the data the way you need to meet your unique business objectives. With the latest enhancements to the Bugcrowd API, customers and partners are able to embed Bugcrowd into all of their existing security workflows, or connect capabilities across partners to deliver crowdsourced security on their terms.
See More, Share More — Security Posture and Program Health & Spend Reports
Beyond providing more tools for expanding security coverage, customers can now also readily elevate and communicate the value of their security programs to key stakeholders like partners and investors through two new executive reports:
The new Security Posture report makes it easier than ever for any audience to quickly assess overall program performance and value.
The new Health and Spend report provides context-aware recommendations for strategic program improvements.
Backed by an elastic crowd of over 100k trusted white-hat hackers, our award-winning platform provides intelligent skill matching, workflow standardization, and remediation advice to help companies like Atlassian and MasterCard protect their critical assets at a fraction of the cost per vulnerability of other testing methods.
If you’re at RSA, or interested in learning more about these updates, connect with a crowdsourced security expert today: