Bugcrowd
from Wikipedia

Bugcrowd is a crowdsourced security platform.[1][2][3] It was founded in 2012, and in 2019 it was one of the largest bug bounty and vulnerability disclosure companies on the internet.[4] Bugcrowd runs bug bounty programs and also offers a range of penetration testing services it refers to as "Penetration Testing as a Service" (PTaaS), as well as attack surface management.[5][6][7]

History

Bugcrowd was founded in Sydney, Australia in 2012. As of 2018, its main headquarters is in San Francisco, with other offices in Sydney and London.[8]

In May 2024, Bugcrowd acquired the attack surface management company Informer.[9]

Funding

Bugcrowd has raised a total of $78.7 million in funding over 6 rounds. Its seed funding began in 2013, with the aim of growing its pool of 3000 vetted security testers.[10] The seed round was led primarily by Rally Ventures and raised $1.6 million.[10]

The Series A funding round took place in 2015 and was led by Costanoa Ventures, raising $6 million.[11]

Blackbird Ventures led funding for their Series B round with $15 million raised in April 2016.[12][13]

In March 2018, it secured $26 million in a Series C funding round led by Triangle Peak Partners.[14]

Bugcrowd announced Series D funding in April 2020 of $30 million led by previous investor Rally Ventures.[15][16]

Clients

As of 2020, Bugcrowd worked with 65 industries across 29 countries.[16] Their clients have included Tesla, Atlassian, Fitbit, Square, Mastercard, Amazon and eBay.[17][5]

Bugcrowd's first partner in the financial industry was Western Union, in 2015. Originally a private, invite-only program, it was later opened to the public, with rewards varying between $100 and $5000 depending on the bug.[18] In 2020, Bugcrowd helped National Australia Bank become one of the first banks in Australia to launch a bug bounty.[19]

Samsung has also worked with Bugcrowd, paying out a total of over $2 million in rewards to those who found bugs in Samsung's security.[20]

Job platform Seek has been using Bugcrowd since 2019 with the highest reward from their bug bounty program being $10,000.[21][22]

In 2020, ExpressVPN worked with Bugcrowd, awarding $100 to $2500 depending on the severity of the vulnerabilities that were found, with 21 critical findings identified.[23]

Bugcrowd also runs programs for the U.S. DOD, the Air Force, NASA and DDS.[24][25]

Other projects

In 2018, Bugcrowd and CipherLaw's Open Source Vulnerability Disclosure Framework, together with the #LegalBugBounty project, created the open-source project disclose.io, which aims to create an open-source standard for bug bounties and vulnerability disclosures to help hackers and organizations work together to make the Internet safer.[26][27]

The company also runs Bugcrowd University, which provides educational resources to help the public learn how to code, find bugs in security systems and patch them.[28][29]

from Grokipedia
Bugcrowd is an American crowdsourced cybersecurity company founded in 2012 in that operates a platform connecting organizations with a global community of ethical hackers and penetration testers to identify and remediate software vulnerabilities through bug bounty programs, vulnerability disclosure initiatives, and managed penetration testing services. Headquartered in , , with additional offices in , , Bugcrowd's platform facilitates proactive security testing by leveraging the expertise of over 200,000 registered researchers to simulate real-world attacks and uncover critical flaws before they can be exploited by malicious actors. The company's core offerings include customizable bug bounty programs, where organizations set rewards for discovering vulnerabilities; vulnerability disclosure programs (VDPs) that encourage responsible reporting without monetary incentives; and advanced services like red teaming and AI-powered automated testing following its 2025 acquisition of Mayhem Security. Bugcrowd emphasizes improving security (ROI), with reported outcomes including a 30% reduction in breach risk, detection of 7 times more critical vulnerabilities compared to traditional methods, and a 268% ROI for clients through digitized workflows and expert . Its platform integrates with enterprise tools for seamless and supports compliance with standards like GDPR and PCI-DSS by providing auditable security processes. Since its inception, Bugcrowd has grown to serve major enterprises across industries such as , healthcare, and , managing thousands of programs and paying out millions in researcher bounties annually to foster a collaborative ecosystem between defenders and the hacker community. The company has raised over $243 million in funding and achieved status in 2024, reflecting its influence in shifting cybersecurity from reactive to crowdsourced, intelligence-driven models.

Company Overview

Description and Mission

Bugcrowd is a private cybersecurity company specializing in crowdsourced bug bounty programs, penetration testing as a service (PTaaS), vulnerability disclosure programs (VDP), and attack surface management. The platform connects organizations with a global community of ethical hackers to identify and mitigate vulnerabilities before exploitation by malicious actors. Its mission is to make the digitally connected world a safer place by meeting organizations at their current maturity level and enabling proactive defense against cyberthreats through innovative, hacker-powered solutions. This approach emphasizes human-AI augmented , enhanced by the 2025 acquisition of Mayhem Security to integrate AI-driven testing capabilities. The Bugcrowd platform supports comprehensive vulnerability assessments across diverse assets, including web applications, APIs, mobile applications, large language models (LLMs), hardware devices, and network infrastructure. This crowdsourced model leverages the diverse expertise of ethical hackers to deliver faster, more thorough results than traditional methods, with features like 24/7 and advanced analytics to prioritize risks. Bugcrowd operates at significant scale, serving thousands of clients across more than 65 industries in over 29 countries. It draws from a community of roughly 200,000 trusted security researchers worldwide to power its programs. The company is headquartered in , , with additional offices in , , and , .

Leadership and Operations

Bugcrowd was founded in 2012 by Casey Ellis, Chris Raethke, and Sergei Belokamen, who envisioned a crowdsourced platform to leverage global ethical hackers for identifying software vulnerabilities more efficiently than traditional methods. Ellis, with over 20 years in , drove the initial concept of connecting organizations with a distributed community of researchers to enhance cybersecurity testing. Raethke, a full-stack developer with experience in product development, contributed technical expertise to build the platform's early infrastructure, while Belokamen supported the foundational operations in the company's Australian origins. The current executive team is led by Dave Gerry as , who oversees strategic growth and operations drawing from his prior roles in at companies like WhiteHat Security and . Robert Taccini serves as Chief Financial Officer, managing financial strategy and scaling efforts. Casey Ellis remains involved as Founder and Advisor, providing guidance on platform innovation and community engagement. Nicholas McKenzie acts as Chief Information and Security Officer, responsible for internal security posture and information systems. Bugcrowd operates with a global team of 201-500 employees as of 2025, distributed across offices in , , the , and other regions, emphasizing platform , researcher community management, and client support services. The organizational structure includes dedicated teams for , customer , and operations, enabling 24/7 support for crowdsourced programs. Internal processes incorporate AI-driven tools for efficiency, such as AI , which automates vulnerability validation to flag critical issues in seconds and reduce manual review time. CrowdMatch employs a proprietary AI to match researchers to programs based on their historical performance, skills, and program requirements, optimizing engagement across penetration testing and bug bounties. 
The platform integrates with tools like Jira, Azure Boards, and APIs for seamless workflow incorporation, allowing security findings to flow directly into development pipelines. Employee growth reached 161 new hires in 2024, supporting expansion amid rising demand for crowdsourced , with a culture centered on in cybersecurity through initiatives like the Security Innovation Lab for internal idea-sharing and experimentation. Bugcrowd fosters via programs such as Bugcrowd University, which provides training resources on hacking techniques and , benefiting both internal teams and the broader community.

History

Founding and Early Years

Bugcrowd was founded in 2012 in , , by , Chris Raethke, and Sergei Belokamen. The company's origins were driven by the recognition of a need for scalable vulnerability discovery in cybersecurity, where traditional in-house security teams often struggled with resource limitations and the growing complexity of threats. , a veteran in , pioneered the crowdsourced-security-as-a-service model to leverage a global community of ethical hackers, contrasting the limitations of conventional pentesting approaches. The initial focus centered on developing a platform for bug bounties that connected organizations with independent security researchers, enabling more efficient and diverse vulnerability identification. In 2013, Bugcrowd relocated its operations to the , securing $1.6 million in seed funding led by investors including Icon Ventures, Paladin Capital Group, and Rally Ventures to support expansion. The company was formally incorporated in on February 4, 2013, establishing its U.S. headquarters there to access a larger ecosystem of talent and clients. By 2014, Bugcrowd launched its Security Knowledge Platform, which facilitated managed bug bounty programs by providing tools for vulnerability submission, , and remediation. Early years were marked by challenges in building a trusted researcher community and gaining organizational buy-in for , as companies were initially skeptical of outsourcing critical security tasks to external hackers. To address this, Bugcrowd emphasized vetting processes and incremental trust-building through private, invite-only programs. A key milestone came in 2015 with the partnership with , Bugcrowd's first major client in the financial sector; the collaboration began as a private in early 2014 before expanding publicly, marking an early validation of the platform's efficacy in high-stakes industries.

Growth and Key Milestones

In 2016, Bugcrowd experienced significant growth, launching advanced platform features such as the Vulnerability Rating Taxonomy (VRT) to standardize vulnerability prioritization and enhance transparency in bug bounty programs. This period also marked the company's entry into government sectors, with increased adoption among organizations seeking crowdsourced . By 2018, Bugcrowd introduced Disclose.io, an open-source framework designed to provide standardized safe harbor protections for vulnerability disclosure, enabling organizations and researchers to collaborate legally on security findings. The company expanded its global footprint that year by establishing an office in , supporting its growing international operations. In 2018, Bugcrowd introduced Penetration Testing as a Service (PTaaS). In 2019, it launched management capabilities. Amid the surge in remote work vulnerabilities driven by the in 2020, Bugcrowd enhanced its PTaaS and management offerings, allowing organizations to continuously identify and assess external assets. Bugcrowd celebrated its 10th anniversary in 2022, reflecting on a decade of milestones including the annihilation of approximately 200,000 vulnerabilities through crowdsourced efforts and community events honoring top researchers. In 2024, the company began integrating AI enhancements into its platform, focusing on improving triage processes and testing efficiency, building on prior AI security research initiatives. This was complemented by the release of its annual CISO Report in 2025, which highlighted an 88% year-over-year increase in hardware vulnerabilities discovered through crowdsourced testing. Key milestones underscore Bugcrowd's expansion, including growth to a of over 200,000 trusted researchers worldwide. In 2025, the company was recognized as a Leader in G2's Fall Report across categories such as Crowd Testing Tools, Penetration Testing, Bug Tracking, and . 
As of 2022, Bugcrowd served clients in 43 countries, demonstrating its broad global reach.

Products and Services

Crowdsourced Testing Programs

Bugcrowd's bug bounty programs operate as managed contests that engage a global of researchers to discover and report in client assets, including web applications, mobile apps, APIs, and hardware devices. These programs provide monetary rewards based on vulnerability severity, encouraging thorough testing within defined scopes to identify issues before exploitation. By leveraging crowdsourced expertise, organizations can uncover a broader range of flaws compared to traditional methods, with Bugcrowd handling program setup, management, and payments to streamline the process. Complementing bug bounties, Bugcrowd's Vulnerability Disclosure Programs (VDPs) facilitate non-monetary reporting of security vulnerabilities, ideal for open-source projects or coordinated disclosure scenarios where immediate rewards are not offered. VDPs establish clear guidelines for ethical reporting, providing early warnings of potential risks without financial incentives, and align with regulatory requirements such as BOD 20-01 and HIPAA. Bugcrowd integrates standards from disclose.io, an open-source framework it launched in to standardize policies and offer safe harbor protections for researchers, ensuring legal safeguards for good-faith disclosures. The Bugcrowd platform supports these programs through streamlined mechanics, beginning with researcher where users register and specify skills, interests, and preferences to receive tailored program invitations. Clients define testing scopes by outlining in-scope assets and , while out-of-scope areas prevent unintended testing. Submitted reports enter a process that employs AI for initial validation—achieving 98% accuracy in duplicate prediction and critical flagging—followed by human review from triage specialists to confirm validity, assign severity, and notify clients. 
Reward structures in bug bounties are tiered by impact, as demonstrated by Samsung's Rewards Program, where Bugcrowd has facilitated over $5 million in payouts to researchers as of since the program's launch in 2017 for vulnerabilities in mobile devices. Bugcrowd offers two primary program types: private initiatives customized for enterprises to target specific, confidential assets with invite-only researcher access, and programs open to all verified researchers for broader community participation. Examples of programs include those for Immutable, focusing on and gaming ; Rapyd, a platform that uncovered 15 critical vulnerabilities shortly after launch; and , emphasizing app protections. These formats allow flexibility, with programs fostering wider innovation while private ones ensure controlled testing for sensitive environments. Across its platform, Bugcrowd has processed hundreds of thousands of submissions since inception, enabling the remediation of critical issues that traditional measures often miss, such as a 7x higher detection rate for high-severity flaws. Programs emphasize impactful findings, with average timelines showing first vulnerabilities reported in 10 days and critical ones in 23 days, underscoring the efficiency of crowdsourced approaches in scaling testing.

Managed Security Solutions

Bugcrowd's managed security solutions provide enterprise clients with structured, on-demand services that extend beyond traditional crowdsourced programs, focusing on proactive mitigation through integrated human expertise and . These offerings include Penetration Testing as a Service (PTaaS), External Management (ASM), and as a Service (RTaaS), designed to deliver continuous visibility, prioritized remediation, and simulated threat scenarios within a unified platform. By combining curated researchers with scalable tools, these solutions enable organizations to address evolving attack vectors in web applications, mobile environments, APIs, networks, cloud infrastructure, and emerging technologies like AI systems. Penetration Testing as a Service (PTaaS) represents a core component of Bugcrowd's managed portfolio, offering continuous and on-demand penetration testing that leverages a global pool of vetted ethical hackers alongside automated tools for rapid identification. This service supports testing across diverse assets, including web applications, mobile apps, APIs, networks, environments (such as AWS, Azure, and Google Cloud), IoT devices, hardware, and (OT). Clients can launch standard or customized assessments in under 72 hours via a subscription model, with real-time dashboards providing prioritized findings, progress tracking, and integration into life cycles (SDLC) for ongoing remediation. PTaaS adheres to compliance frameworks like PCI DSS, HIPAA, GDPR, and ISO 27001, ensuring actionable results that reduce exposure to high-impact threats. External Management (ASM) complements PTaaS by automating the discovery, inventory, and monitoring of an organization's external , including web domains, subdomains, IP addresses, and services. 
The solution employs active scanning across hundreds of sources to identify both known and unknown assets, while continuously tracking changes and vulnerabilities, scanning for over 40,000 application and infrastructure vulnerabilities. Vulnerabilities are prioritized using (CVSS) ratings, enabling scheduled scans (daily, weekly, or monthly) and instant alerts via email, reports, or integrations like JIRA. Integrated with Bugcrowd's broader platform, ASM enhances vulnerability management by providing a unified view of external risks, allowing enterprises to focus remediation efforts on critical exposures before exploitation. Red Team as a Service (RTaaS) delivers simulated adversarial engagements to assess comprehensive organizational defenses, mimicking real-world attacker tactics across people, processes, and technology. Launched in 2025, RTaaS utilizes a crowdsourced model with vetted operators to execute scenario-based, intelligence-led simulations that uncover full attack paths and evasion techniques. Available in assured, blended, or continuous formats, the service provides persistent testing with updates for actionable insights, helping clients validate incident response, detection capabilities, and overall security posture. This approach goes beyond isolated penetration tests by incorporating social engineering and multi-vector threats, fostering resilience against advanced persistent threats. Post-2024 enhancements in AI integrations have augmented these managed solutions, particularly through the 2025 acquisition of Mayhem Security, which introduced human-augmented AI for automated and vulnerability prioritization. This integration enables AI-driven testing of large models (LLMs) and other AI systems, identifying issues like prompt injection, data bias, and risks via targeted red teaming and bias assessments. 
By combining with researcher expertise—such as Bugcrowd's CrowdMatch AI for optimal team assembly—these tools reduce testing timelines, with launches achievable in days and retesting included for up to 12 months, thereby accelerating remediation without compromising depth. AI Connect further facilitates secure with internal AI applications to enhance response. Customization options allow these solutions to be tailored for specific industries and compliance needs, with curated pentester teams matched to client environments using AI-driven selection. For , PTaaS and RTaaS can focus on uncovering risks and strengthening internal controls through specialized scoping for distributed, cloud-native assets. Offerings scale via tiered subscriptions (Standard, Plus, Max) that accommodate bespoke targets like or onsite testing, ensuring alignment with regulatory standards and organizational priorities.

Community and Educational Tools

Bugcrowd fosters a global community of ethical hackers through various educational and engagement initiatives designed to enhance skills, promote , and recognize contributions to cybersecurity. These tools emphasize , open-source principles, and professional development, supporting over 200,000 registered security researchers worldwide. Central to Bugcrowd's educational efforts is Bugcrowd University, a free, open-source online platform launched in that provides training modules on hacking fundamentals, bug bounty methodologies, and advanced cybersecurity techniques. The platform aims to new researchers by offering self-paced content to build essential skills, such as vulnerability identification and ethical hacking practices, without requiring formal certifications from Bugcrowd itself. Researchers can integrate this training with Bugcrowd's process, where they declare skills and preferences during account setup to match with suitable programs. To motivate and highlight top performers, Bugcrowd maintains public leaderboards that rank researchers based on vulnerability impact, resolution rates, and overall contributions across programs. Annually, the company hosts the Ingenuity Awards, celebrating excellence with categories like Breakthrough Hacker, which in 2025 recognized bronxi for innovative vulnerability discoveries and community influence. Other honors, such as Top P1 Hacker, underscore high-severity findings, fostering a competitive yet collaborative environment that elevates researcher profiles and encourages sustained participation. Bugcrowd engages its community through events like hacker summits, webinars, and annual reports that share industry insights. The company participates in major gatherings such as Black Hat USA 2025 and 33, where researchers network, attend hands-on workshops, and compete in challenges like the Hacker Showdown, which saw over 100 high-impact submissions in its first 48 hours in October 2025. 
Webinars cover topics from pentesting strategies to emerging threats, while the 2025 Cybersecurity Predictions report aggregates forecasts from Bugcrowd leaders and top hackers on trends like IoT vulnerabilities and AI-driven attacks. In terms of open-source contributions, Bugcrowd developed disclose.io in as a free framework for standardizing vulnerability disclosure programs, providing templates for safe harbor policies, report submission guidelines, and a searchable database of over 1,000 programs. This tool protects researchers legally during ethical disclosures and promotes transparency in bug bounties, with multilingual support for global adoption. Supporting researcher success, Bugcrowd's CrowdMatch pairs hackers with programs aligned to their expertise, resulting in an 82% average increase in payouts through more relevant engagements. The platform streamlines payout for timely rewards, as demonstrated in partnerships like the 2017 Samsung collaboration, ensuring efficient compensation for valid submissions. These features, combined with a vetted network, enable scalable collaboration and professional growth for ethical hackers.

Funding and Financials

Investment Rounds

Bugcrowd's funding journey began with a $50,000 seed round in December 2012. This was followed by a seed round in September 2013, raising $1.6 million from investors including ICON Ventures, Capital Group, and Square Peg Capital to expand its bug bounty marketplace and grow its of vetted security researchers. This capital supported the company's relocation to the and initial platform development. In March 2015, Bugcrowd secured $6 million in Series A funding led by Costanoa Ventures, with participation from Rally Ventures, Square Peg Capital, Paladin Capital Group, and ICON Ventures, aimed at accelerating enterprise adoption of crowdsourced . The funds enabled expansion of the researcher community, which grew from 3,000 to over 15,000 members. The company raised $15 million in a Series B round in April 2016, led by Blackbird Ventures and joined by Costanoa Ventures, Rally Ventures, Paladin Capital Group, Square Peg Capital, and ICON Ventures, to scale product offerings, pursue strategic partnerships, and enhance . Bugcrowd's Series C funding totaled $26 million in March 2018, led by Triangle Peak Partners with participation from prior investors, focused on scaling security testing capabilities for customers and researchers to support international growth. In April 2020, a $30 million Series D round was completed, led by Rally Ventures and involving existing backers, to broaden the bug bounty platform and launch Penetration Testing as a Service (PTaaS). Bugcrowd announced $102 million in strategic growth financing in February 2024, led by General Catalyst with participation from Rally Ventures and Costanoa Ventures, directed toward enhancing its AI-powered platform, accelerating global expansion in EMEA, APAC, and the US, and pursuing . In October 2024, the company obtained a $50 million growth capital facility from to further expand its AI-driven cybersecurity solutions and support ongoing innovation. 
As of November 2025, Bugcrowd has raised a total of approximately $231 million across eight funding rounds.

Valuation and Investors

Bugcrowd reached a valuation of $1 billion in February 2024 following its Series E funding round, marking its entry into status amid expanding demand for crowdsourced cybersecurity solutions. This valuation reflects the company's strategic positioning in the cybersecurity market, bolstered by investments that supported platform enhancements and global scaling. The company's major investors include Blackbird Ventures, which led the Series B round in 2016 and participated in seed funding, fostering cross-border innovation between Australian and U.S. markets through its focus on high-growth tech ecosystems. Rally Ventures provided backing in the seed round and led the Series D in 2020, emphasizing and cybersecurity scalability. , a cybersecurity specialist, invested early and supported the 2024 growth initiatives, aiding Bugcrowd's alignment with and defense sector needs through its expertise in secure deployments. Additional key backers are Costanoa Ventures, which joined in Series A and subsequent rounds to drive ; , leader of the Series C in 2018; and , which provided debt financing in late 2024. These investors have collectively influenced Bugcrowd's emphasis on cybersecurity advancements, with Blackbird strengthening international expansion and facilitating opportunities in regulated environments like contracts. Bugcrowd's total funding stands at approximately $231 million across equity and rounds, incorporating a $50 million facility from in October 2024 to fuel operational growth without diluting equity. This mix of financing underscores a balanced approach to capital, enabling sustained investment in platform capabilities while maintaining investor alignment on long-term value creation. In terms of financial health, Bugcrowd's revenue grew more than 40% in 2023, with continued expansion in 2024 driven by AI integrations into its crowdsourced testing platform, which enhanced detection and attracted new enterprise clients. 
These AI-driven features, including automated risk prioritization, have positioned the company to capitalize on rising demands for proactive in an evolving threat landscape.

Acquisitions and Business Development

Major Acquisitions

In May 2024, Bugcrowd acquired Informer, a provider of external management (ASM) and continuous penetration testing services, marking the company's first major acquisition. This move enhanced Bugcrowd's capabilities in automated asset discovery by integrating Informer's technology for identifying exposed digital assets and prioritizing vulnerabilities across , web, and network environments. The acquisition allowed for seamless incorporation of Informer's ASM tools into Bugcrowd's platform, enabling clients to combine crowdsourced with automated scanning for more comprehensive monitoring. More recently, on November 4, 2025, Bugcrowd acquired Mayhem Security, an AI-powered firm specializing in and testing, founded by a team of ethical who won the 2016 DARPA Cyber Grand Challenge. Mayhem's autonomous tools, designed to simulate real-world attacks and uncover software vulnerabilities at scale, were brought on board to augment Bugcrowd's human-led testing programs with machine-driven efficiency. All of Mayhem's employees joined Bugcrowd, facilitating immediate integration of their AI models into the Bugcrowd platform for hybrid testing workflows that blend ethical hacker expertise with automated discovery. Bugcrowd's acquisition strategy has emphasized investments in AI and to evolve its crowdsourced model, as evidenced by the rapid incorporation of acquired technologies into its core platform. Following the Mayhem deal, these enhancements supported the development of unified solutions for proactive validation, positioning Bugcrowd to address complex threats in dynamic environments. The acquisitions have expanded Bugcrowd's offerings in testing and offensive capabilities, enabling faster detection and remediation of software flaws through combined human-AI approaches.

Strategic Partnerships

Bugcrowd has established strategic partnerships with various technology providers to integrate its crowdsourced security platform into broader ecosystems, enabling seamless vulnerability management workflows. A key collaboration is with Amazon Web Services (AWS), where Bugcrowd's solutions, including vulnerability disclosure programs and penetration testing services, have been available on the AWS Marketplace since December 2021, facilitating easier adoption by AWS customers. This partnership expanded through Bugcrowd's entry into the AWS ISV Accelerate Program, which supports co-selling opportunities and enhances integration for cloud-based security testing. Additionally, Bugcrowd integrates with tools such as JIRA, , and , allowing automated vulnerability reporting and remediation within development pipelines. A partnership with Secure Code Warrior further supports developer-focused security training, combining Bugcrowd's crowdsourced insights with coding exercises to improve secure software practices.

To extend its reach, Bugcrowd allies with value-added resellers (VARs) and security consultants that bundle its services into comprehensive offerings. In , Bugcrowd formed a North American alliance with Climb Channel Solutions to distribute its platform to resellers and managed service providers. Similarly, a with GlobalDots integrates Bugcrowd's capabilities into cloud optimization services, announced in April 2025. Other collaborations include reseller agreements with SocialProof for social and Pretera for hybrid manual and crowdsourced testing.

In industry collaborations, Bugcrowd worked with the CipherLaw to develop the Vulnerability Disclosure Framework, which informed the 2018 launch of Disclose.io, an open-source tool providing legal safe harbor for vulnerability disclosures. Government ties include hosting the National Aeronautics and Space Administration (NASA) Vulnerability Disclosure Program on its platform since at least 2024, enabling ethical hackers to report issues securely. Bugcrowd also partners with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to operate the federal Vulnerability Disclosure Program platform since 2021, supporting disclosures across agencies including the Department of Defense.

Bugcrowd engages in community partnerships through joint events with ethical hacking groups, such as live bug bashes at conferences like Black Hat, where it collaborates with organizations like to connect researchers with real-time testing opportunities. These initiatives foster collaboration among hackers. Additionally, Bugcrowd collaborates with industry leaders on cybersecurity predictions, as seen in its 2025 report featuring insights from executives and top researchers on trends like risks and AI-driven threats. In 2025, these partner ecosystems contributed to Bugcrowd's recognition as a Leader in the G2 Fall Report across categories including Crowd Testing Tools, Penetration Testing, Bug Tracking, and Security.

Clients and Impact

Notable Clients

Bugcrowd has engaged a diverse array of prominent clients across multiple sectors, leveraging its crowdsourced platform for vulnerability disclosure and s.

In the technology sector, notable clients include Tesla, which launched its through Bugcrowd in 2015 to identify vulnerabilities in its main website and services. utilizes Bugcrowd for its public bug bounty targeting web applications and APIs. Amazon has participated in Bugcrowd-hosted programs as part of its broader vulnerability reporting efforts. has been associated with Bugcrowd's platform for initiatives. partners with Bugcrowd to manage payments and rewards for its Rewards Program, focusing on mobile device vulnerabilities. runs a dedicated bug bounty engagement on the platform to secure its VPN services.

In the financial services sector, Bugcrowd's clients encompass major payment and fintech providers. Mastercard operates a public bug bounty program via Bugcrowd, emphasizing critical infrastructure and payment systems. Square (now part of Block) maintains an open-source bug bounty on the platform for its developer tools and APIs. Western Union became Bugcrowd's first financial services partner in 2015, starting with a private invite-only program that evolved into a public bug bounty for its global transfer services.

Government and defense organizations represent another key area of engagement. The U.S. Department of Defense selected Bugcrowd in 2016 to power the "Hack the Pentagon" initiative, assessments for public-facing systems. The U.S. collaborated with Bugcrowd on a 2019 bug bounty for its One/Common Computing Environment, targeting cloud infrastructure. NASA hosts its Vulnerability Disclosure Program on Bugcrowd, inviting reports on space-related web applications and data systems.

Beyond these sectors, Bugcrowd serves clients in health tech, e-commerce, mobility, fintech, and blockchain. Fitbit partnered with Bugcrowd in 2018 for a public bug bounty focused on mobile apps, web platforms, and APIs to protect user health data. Seek, an employment platform, runs a bug bounty with maximum rewards up to $10,000 for high-impact findings in its job search infrastructure. Catawiki, Europe's leading auction marketplace, adopted Bugcrowd's unified platform in 2024 for continuous pen testing and bug bounties across its special objects trading site. Just Eat Takeaway.com manages its public bug bounty through Bugcrowd to secure food delivery apps and ordering systems. Bolt Technology, a mobility provider, launched a public engagement in 2025 targeting its ride-hailing app and backend services. Rapyd, a global fintech, expanded its program to Bugcrowd for API and payment platform testing. Immutable, a blockchain gaming platform, hosts its bug bounty on Bugcrowd for web3 infrastructure and NFT marketplaces.

As of 2020, Bugcrowd's engagements spanned over 65 industries and 29 countries, reflecting its global reach in supporting crowdsourced initiatives.

Security Achievements and Reports

Bugcrowd has facilitated the disclosure of over a million data points through its platform, enabling organizations to identify and remediate risks proactively. According to the company's 2025 CISO Report, this includes notable trends such as an 88% year-over-year increase in hardware vulnerabilities and a doubling of network vulnerabilities, driven by the proliferation of IoT devices and AI-integrated systems. These statistics underscore the escalating complexity of modern threat landscapes, with the report analyzing hundreds of thousands of submissions to highlight shifts in types.

Key achievements in Bugcrowd's programs demonstrate tangible security enhancements for participants. For instance, the Mobile Rewards Program, powered by Bugcrowd, distributed over $2 million in bounties to researchers, fortifying security against emerging threats. Similarly, the bug bounty initiative identified multiple critical vulnerabilities, contributing to robust VPN protections. In another example, Seek's program featured a maximum reward structure of $10,000 for high-impact findings, incentivizing thorough testing of its platform.

Bugcrowd's annual reports provide critical insights into evolving cybersecurity challenges. The 2025 CISO Report details rising threats from hardware and network exposures, emphasizing the need for continuous testing amid rapid technological adoption. Complementing this, the 2025 Cybersecurity Predictions report, compiled from input by Bugcrowd leaders and top hackers, forecasts increased focus on security, AI-driven attacks, and IoT vulnerabilities as dominant risks.

Through its engagements, Bugcrowd has significantly reduced security risks for high-profile clients, including the U.S. Department of Defense (DoD). The company's involvement in the "Hack the Pentagon" initiative helped identify and resolve vulnerabilities in DoD systems, enhancing overall defense posture. Additionally, Bugcrowd contributes to open-source security standards by open-sourcing its Vulnerability Rating Taxonomy (VRT), a framework that standardizes vulnerability assessment and has been adopted by the broader community for improved transparency and prioritization.

Bugcrowd has received notable industry recognition for its platform's effectiveness. In the Fall 2025 G2 Grid Report, it was named a Leader in four categories: Crowd Testing Tools, Penetration Testing, Bug Tracking, and Security. The company's Ingenuity Awards further highlight community success, with the 2025 Breakthrough Hacker award celebrating emerging talent for innovative contributions to ethical hacking.
