Bugcrowd Announces New Flex Bounty™ Security Testing Program

Company Also Issues First-Ever Report on the Economics of Bug Bounties

News provided by

Bugcrowd

Jun 25, 2014, 06:00 ET

SAN FRANCISCO, June 25, 2014 /PRNewswire/ -- Bugcrowd, the innovator in crowdsourced security testing, today announced the public availability of the company's Flex Bounty™ security testing program, allowing any company to leverage Bugcrowd's worldwide network of over 9,500 security researchers for customized bug bounty programs. This new approach to bug bounty programs, pioneered by Bugcrowd over the last year in conjunction with forward-thinking technology, e-commerce and financial services companies, has shown significant gains in cost savings and security results over traditional security testing programs. The Flex Bounty program adds to the responsible disclosure, managed bug bounty and hosted bug bounty programs already offered by the company.

Continue Reading
Bugcrowd logo. (PRNewsFoto/Bugcrowd)
Bugcrowd logo. (PRNewsFoto/Bugcrowd)

"The Flex Bounty program was developed to address a need for companies who want to integrate bug bounty programs into their existing security testing process or try bug bounty programs on a trial basis," said Casey Ellis, CEO and co-founder of Bugcrowd. "With the Flex program, companies can engage in timed, scalable bug bounty programs with a select group of Bugcrowd's top researchers. This allows companies to maximize their security ROI by fixing vulnerability costs while still leveraging the largest pool of security testers in the world to find security vulnerabilities before the bad guys do."

Bugcrowd also today announced the release of a new report on bug bounty best practices, sharing lessons learned from the 60 Flex Bounty programs the company has conducted to-date. The 2014 Flex Bounty Program Efficiency Report is an industry-first look at the economics and best practices of timed bug bounty programs and provides a first look into the world of paid bug bounties for mobile and web applications.

Topics covered in the report include best practices for researcher compensation, average results for valid vs. invalid vulnerability submissions and the types of submissions most commonly uncovered by security testers.

Highlights from the report include:

  • Research shows that a bug bounty incentive structure, which rewards testers based on the severity of problem detected or creativity of tactics employed, yields the best results for customers.
  • Compared to traditional penetration testing, Flex Bounty programs can start instantly, engage more researchers per test, identify vulnerabilities more quickly and cost significantly less.
  • Cross-site scripting vulnerabilities were the most common (32 percent) of all vulnerabilities reported.
  • On average, each Flex Bounty program yielded 193 total vulnerability report submissions, including 45 valid and in-scope vulnerability report submissions.
  • It is estimated that the crowd devoted an average of 163 man-hours to each Flex Bounty program, based on the number of vulnerability reports submitted.
  • The report details the first-ever model to ensure that researchers are compensated for all valid vulnerability report submissions, while still fixing the overall cost of each Flex Bounty program.

About Bugcrowd
Bugcrowd, the innovator in crowdsourced security testing for the enterprise, was founded in 2012 by a team of security and software development experts who saw the opportunity to level the playing field in cybersecurity. Bugcrowd's revolutionary approach to cybersecurity combines a proprietary vulnerability reporting platform with the largest crowd of security researchers on the planet. Cost-effective and far faster than standard security testing programs, Bugcrowd also provides a range of responsible disclosure and managed service options that allow companies to commission a customized security testing program that fits their specific requirements. Based in San Francisco, Bugcrowd is backed by Icon Ventures, Paladin Capital and Square Peg Ventures. To learn more about Bugcrowd, visit www.bugcrowd.com or check out the Bugcrowd blog.

Bugcrowd is a trademark of Bugcrowd, Inc.

Contact information:
Stephen Lynch
(415) 975-2217
[email protected]

Logo - http://photos.prnewswire.com/prnh/20140625/121285

SOURCE Bugcrowd

21%

more press release views with 
Request a Demo

Also from this source

Bugcrowd Report Unveils the Era of Human-Augmented Intelligence as AI Adoption Climbs to 82%

Bugcrowd Report Unveils the Era of Human-Augmented Intelligence as AI Adoption Climbs to 82%

Bugcrowd, a leader in crowdsourced cybersecurity, today released the ninth edition of its Inside the Mind of a Hacker report. Drawing from surveys...
Bugcrowd Unveils New AI Functionality to Streamline and Strengthen Security Resilience

Bugcrowd Unveils New AI Functionality to Streamline and Strengthen Security Resilience

Bugcrowd, a leader in crowdsourced cybersecurity, has launched new platform functionality, Bugcrowd AI Triage Assistant and Bugcrowd AI Analytics, to ...
More Releases From This Source

Explore

Computer & Electronics

Computer & Electronics

High Tech Security

High Tech Security

New Products & Services

New Products & Services

News Releases in Similar Topics