3 min read

3 years, 20,000 security researchers & 200 clients later...

2012 was the year that almost every industry, banking, education, government, big tech and even security, was hacked. Many, if not all of these companies were doing “all” they could to protect themselves against these hacks, and yet they were still left vulnerable. In direct response to this, 2012 was also the year we built Bugcrowd to beat an army of adversaries with an army of allies.

This army of allies has since grown to a diverse, skilled, and reckoning force of over 20,000 security researchers. While this number is a huge milestone for Bugcrowd and the security research community, it is just that — a number. What we’re really celebrating today, and always, is not just the sheer number of talented folks that are part of the Bugcrowd family, but what these talented folks have done; collectively and individually.

From novel and highly critical vulnerabilities found and disclosed, to groundbreaking presentations given at security conferences worldwide, the crowd are doing amazing things in the way of making the Internet a safer place. We have invested in the crowd from the beginning, and are thrilled to see it pay off for our researchers, and the research community as a whole.

“Bugcrowd put a lot of effort into building a community and it really paid off… My skills over time started improving and for a while I was earning as much from bounties as I was in my full-time job.” — Ciaran McNally, Security Consultant/ Engineer and Bugcrowd researcher.

Being able to quantify and reward this quality is one of the most rewarding aspects of our business. We have increased our payouts to the crowd by 200 percent over 2014 Q3 payouts, with the average payout being 1.81 times higher. This growth creates a feedback loop which further drives collective creativity of the crowd, which has translated into amazing outcomes for our customers.

Since 2012, we’ve partnered with companies who actively ‘fighting like with like’ by leveraging our crowd to close the security gap within their applications. We were the first company to bring bug bounties and crowdsourced cybersecurity to companies unable to run their own internal programs like Google, Microsoft and Facebook had done for years prior. Our model was rapidly accepted by startups and high tech firms that welcomed having more eyes on their applications. In the past three years, with the help of our ambassadors — researchers and customers alike — we have successfully brought our model to the enterprise, and the value is immediately apparent.

“Bugcrowd takes out a lot of the legwork for our teams. We can focus on the findings and other projects while Bugcrowd leverages the world to crowdsource information and find bugs on our site.” — David Levin, Director of Information Security, Western Union

We now run programs for customers in virtually every industry. The successful public programs we run for companies like Pinterest, Western Union, Dropbox, Fitbit, Indeed, as well as the numerous high profile private programs we run, have seen thousands of vulnerabilities found and resolved by our clients. Last quarter we saw an increase of subscription bookings by over 400 percent from the same quarter last year, have more than doubled our customer base, and have tripled our employee headcount.

While we are thrilled for our success, as well as the successes our customer programs and researcher community have seen, we are equally thrilled to see the growth and maturation of the market. These results signal to us and to industry leaders that this bug bounty and crowdsourced security market is reaching maturation. As you can read further in our 2015 State of Bug Bounty Report, what started as a simple notion of crowdsourcing security talent has become a sophisticated marketplace that is delivering substantial results.

We see crowdsourcing as more than a nifty trick, bigger than just a cool story about the latest bug bounty launch… We see it as the only way that companies large and small can level the playing field when it comes to competing with a crowd of adversaries. I’m excited to see Bugcrowd taking this idea into the broad market, and creating confidence for our clients in the face of a hostile internet.

Read the full press release here.

Originally published at blog.bugcrowd.com on October 8, 2015.