Additional Info

Company size (employees)100 to 499
Headquarters RegionNorth America


Bugcrowd has seen five consecutive years of growth since its founding in 2012 — with 2018 set to make that number six. The number of bug bounty programs run on the Bugcrowd platform has doubled year over year and the number of enterprise customers has tripled. Bugcrowd helps customers scale their vulnerability management process, identifying more critical security vulnerabilities missed by traditional security assessment methods for better utilization of internal security teams. The pay-for-results model improves upon vulnerability scanning, which only discovers known issues, and penetration testing results, which are limited in perception and scale. Additionally, Bugcrowd’s fixed pricing allows for predictable budget and is scalable. Because Bugcrowd provides full transparency into every dollar spent, customers are able to accurately calculate the ROI of their crowdsourced security program.

As an example of Bugcrowd’s efficacy, a Fortune 500 company discovered a massive ROI by deploying a program with Bugcrowd. 90 vulnerabilities were reported within the first 30 days compared to just 15 discovered by their previous penetration test. They also received 7 times as many critical and high severity vulnerabilities. In another instance, a researcher submitted a vulnerability within the first 24 hours of testing, which saved the customer an estimated $2.8 million dollars it would have cost if the vulnerability had been exploited in the wild.

While 80 percent of our customers are private, some that we can name are: Mastercard, TripAdvisor, Pinterest, Motorola, FitBit, Western Union, OWASP, Tesla and Fiat Chrysler of America.

How we are different

95 percent signal-to-noise ratio: Bugcrowd’s managed programs only see industry-leading results, so customers spend less time dealing with false positives. We are uniquely positioned as a “SaaS security enabled marketplace,” where the industry’s most robust program management and support is supercharged by our Crowdcontrol platform analytics and automation to enable discovery of 10x more critical vulnerabilities at a 95 percent signal to noise ratio.

< 12 hour time to first touch: On average, our larger, more experienced team of application security engineers triages bugs in less than a day, helping organizations reduce risk faster. In May of this year, Bugcrowd helped a global financial services company identify the very same vulnerability that reportedly led to the Equifax breach. One of our researchers found this vulnerability and submitted it through our platform. This helped ensure the vulnerability received the prioritization warranted, resulting in immediate remediation by the customer’s engineering team, well ahead of any damaging attacks.

Superior transparency and efficiency with zero hidden fees: Bugcrowd believes that bounty pool dollars should be reserved for the researchers finding the vulnerabilities. Unlike the competition, Bugcrowd never takes a commission or cut of researcher payouts. Researchers always receive 100 percent of earned bounties, ensuring proper incentives for the highest caliber results.