Bugcrowd raises cash because of the power of the people

It's all about leveraging the wisdom of the crowds to uncover security bugs in software

BugCrowd raises cash because of the power of the people
Credit: Guilherme Tavares

News today from security testing vendor Bugcrowd highlights an increasing trend towards leveraging an outside community to do good things for organizations.

First, the news: Bugcrowd is investing a $15 million Series B led by Blackbird Ventures along with existing investors Costanoa Venture Capital, Industry Ventures, Paladin Capital Group and Rally Ventures. Not one to miss out on a funding opportunity, Salesforce Ventures also joined the round. The company has now raised $24 million since its founding at the Startmate accelerator in Sydney, Australia.

What Bugcrowd does is pretty simple. Its flagship product, Crowdcontrol, is used by a bunch of high-profile brands, including CreditKarma, Fitbit, Motorola, Tesla, TripAdvisor and Western Union, to resolve security bugs in their products. But this isn't any magic bullet “apply our advanced platform and resolve your bugs automatically” kind of science fiction. Instead, Crowdcontrol leverages that most ancient of resources—the crowd. Bugcrowd has built a vetted community of over 27,000 security researchers, all of whom helps Bugcrowd's customers reveal the holes in their software.

On top of the actually crowd-sourcing aspects, Bugcrowd also has a proprietary vulnerability reporting platform.

Shifting the cybersecurity paradigm

The upshot of all of this is that Bugcrowd believes it can change the paradigm for cybersecurity: more cost-effective and far faster than standard security testing programs. Bugcrowd also provides a range of responsible disclosure and managed service options that allow companies to commission a customized security testing program that fits their specific requirements.

“Bugcrowd is giving its customers a radical cybersecurity advantage over their adversaries. We started Bugcrowd with the mission of connecting the global security researcher community to the security market, and the past three years have been focused on building a safe, trusted, easy-to-use platform that can achieve massive scale,” said Casey Ellis, CEO and founder of Bugcrowd. “Hackers and companies desperately need each other but are historically terrible at getting along, and our success positions us ahead of the incredible opportunity to change that. We are looking forward to what the future holds here at Bugcrowd and incredibly proud to take a scrappy, innovative startup—born in the blossoming Australian startup scene and brought to Silicon Valley—to even greater heights in 2016.”

This funding specifically and the rise of vendors such as Bugcrowd generally point to an increasing trend towards companies sourcing more and more of their work from outside the organization. And this isn't primarily about cost-cutting. In the same way that large organizations such as Proctor and Gamble famously leveraged the crowds to help it more rapidly conceive of and develop new products, so too are a host of other organizations looking to crowds to be an important way to get things done.

Bugcrowd isn't alone, of course, HackerOne recently hired Marten Mickos, open source technology legend to be CEO of its platform. (HackerOne is in a very similar space to Bugcrowd.) No one knows who the winners and losers will be in this space, but one this is for sure: the crowd is wise, and organizations will continue to leverage that wisdom.

This article is published as part of the IDG Contributor Network. Want to Join?

To comment on this article and other Network World content, visit our Facebook page or our Twitter stream.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.