How the Pandemic is Reshaping the Bug Bounty Landscape

Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.

The pandemic has overhauled the bug-bounty landscape, both for companies looking to adopt such programs and the bounty hunters themselves. Casey Ellis, founder and CTO of Bugcrowd, said that COVID-19’s far-reaching implications — including increasing the acceptance of remote work, pushing more users to digital platforms and other aspects — are creating unanticipated new trends for bug-bounty platforms.

For one, new work-from-home models caused by the pandemic have put more pressure on digital platforms, including collaboration tools like Zoom, to secure their services, giving these firms a bigger motivation to launch or enhance bug-bounty programs. At the same time, the mandatory push to remote work has opened a new level of acceptance for companies working with bounty hunters who are not physically present within the organization.

“We’ve seen [hesitation around remote work] really get challenged in a positive way by COVID, which is netted out to more people being comfortable with the idea of getting expert security help in from the outside world,” Ellis said.

On a broader scale, Ellis said that he’s seen ethical hackers begin to put in more serious time searching for bugs: “People just had more discretionary time” during the pandemic, he said. “Because they weren’t going out, or commuting to and from work, and especially if you’re a younger person, or if you don’t have as many commitments at home, that nets out to more time to do stuff, which we saw get applied into bounty hunting.”