Bugcrowd is a crowdsourced security platform.[1][2][3] It was founded in 2012, and in 2019 it was one of the largest bug bounty and vulnerability disclosure companies on the internet.[4] Bugcrowd runs bug bounty programs and also offers a range of penetration testing services it refers to as "Penetration Testing as a Service" (PTaaS), as well as attack surface management.[5][6][7]
Bugcrowd has raised a total of $78.7 million in funding over 6 rounds. Their seed funding started in 2013 to increase their 3000 vetted security testers.[10] This seed funding was primarily led by Rally Ventures and they were able to raise $1.6 million.[10]
Series A funding round took place in 2015 and was led by Costanoa Ventures, raising $6 million.[11]
Blackbird Ventures led funding for their Series B round with $15 million raised in April 2016.[12][13]
In March 2018, it secured $26 million in a Series C funding round led by Triangle Peak Partners.[14]
Bugcrowd announced Series D funding in April 2020 of $30 million led by previous investor Rally Ventures.[15][16]
Bugcrowd's first partner in the financial industry was Western Union, in 2015. Originally a private, invite-only program, it was later opened to the public, with rewards varying between $100 and $5000 depending on the bug.[18] In 2020, Bugcrowd helped National Australia Bank become one of the first banks in Australia to launch a bug bounty.[19]
Samsung has also worked with Bugcrowd, rewarding a total of over $2 million in rewards to those who found bugs in Samsung's security.[20]
Job platform Seek has been using Bugcrowd since 2019 with the highest reward from their bug bounty program being $10,000.[21][22]
In 2020, ExpressVPN worked with Bugcrowd, awarding $100 to $2500 depending on the severity of the vulnerabilities that were found, with 21 critical findings identified.[23]
In 2018, Bugcrowd and CipherLaw's Open Source Vulnerability Disclosure Framework, together with the #LegalBugBounty project, created the open-source project disclose.io, which aims to create an open-source standard for bug bounties and vulnerability disclosures to help hackers and organizations work together to make the Internet safer.[26][27]
The company also runs Bugcrowd University, which provides educational resources to help the public learn how to code, find bugs in security systems and patch them.[28][29]