Bugcrowd News Archives | Bugcrowd
#1 Crowdsourced Cybersecurity Platform
https://www.bugcrowd.com/blog/category/bugcrowd-news/
Mon, 11 Mar 2024 02:34:14 +0000

Behind the Scenes: Bugcrowd in Times Square
https://www.bugcrowd.com/blog/behind-the-scenes-bugcrowd-in-times-square/
Thu, 29 Feb 2024 14:00:27 +0000
On Monday, February 12, Bugcrowd announced that we secured $102 million in strategic growth financing to scale our AI-powered security platform. These new funds renew our dedication to drive continued innovation on the Bugcrowd Platform and accelerate growth. 

On the day of the announcement, the Bugcrowd executive team had the opportunity to take a tour of the New York Stock Exchange (NYSE), be interviewed by Trinity Chavez on her “Taking Stock with Trinity Chavez” series, and a day later, we unveiled our brand new billboard on the Nasdaq tower in Times Square. Not a bad 48 hours, if I do say so myself. 

As the Head of Corporate Marketing at Bugcrowd, I lead our corporate brand efforts, which include public relations, social media, creative design, content, website strategy, and more. In this blog, I’ll walk you through how we got to this momentous milestone in cybersecurity history and give you a sneak peek into this amazing (and a bit crazy) time at Bugcrowd. 

An opportunity to be bold

About three weeks before the funding was announced, I was brought in with members of my team to build out and execute on a launch strategy from start to finish. My goal was to find opportunities to amplify the Bugcrowd story and celebrate a huge win in the cybersecurity community. 

There were a few very specific, bold things I wanted to do as part of this announcement. With my team, I started coordinating interviews and the logistics of getting a billboard up in Times Square. It was important to me that we make a big splash and go all-out with this announcement, while remaining tasteful and timely. 

I come from a place of trying everything and being willing to take a risk. My first step was getting buy-in from our executive stakeholders. To do this, I built a business case for these ideas, focused on the outcomes that we were trying to achieve and the impression that this would leave behind. Opportunities for brand impact like this don’t show up every day, and I wanted to pounce on the chance to celebrate a milestone while making our brand story come alive. 

Crunch time

About a week before we went live, we still weren’t sure if a splash this big was going to be possible. We knew it was the right strategy, but we still weren’t sure how it was going to come together. With the help of the teams at the NYSE and Nasdaq, plus our PR and internal teams at Bugcrowd, we were able to make it happen. 

Part of this success can be attributed to a member of my team, Samuel Tyler, Director of Content and Creative. Building creative visuals with the correct specifications for something this big is a huge task anyway—not to mention that he only had the weekend to pull it off. Talk about a lot of pressure! 

As always, Samuel made it happen. Here’s what he had to say…

“Creating our design for the Nasdaq billboard was challenging! We needed to maximize impact and visibility from the street, but this was tricky due to the distinctive structure, which has 26 “windows” (read: literal holes).

Initially, we explored an anamorphic concept that centered on these windows. By playing with light, shadow, and motion, we created an illusion of depth on the screen. Inside, a ball of light symbolizing hacker creativity lit up, dispersing shadows as it moved. However, this approach came with risks. We had to ensure the animation appeared undistorted from all angles. Even with flawless execution, there was still a chance the design might not align perfectly with the actual windows, potentially compromising the effect.

Bugcrowd Billboard in Times Square
Fig. 1: Anamorphic Concept

Fortunately, we gravitated towards a different concept inspired by the simplicity of classic ’70s and ’80s print ads. The bold typography and color blocking capture the vibrancy of those iconic decades, reminiscent of when creative first got its crown in the boardroom. This parallels modern cybersecurity culture, where organizations are increasingly looking to collaborate with hackers to leverage their clever thinking and diverse perspectives.”

Samuel Tyler
Director of Content and Creative
Bugcrowd

Touring the NYSE and a rainy day in Times Square

As the announcement was going live, I joined the executive team at Bugcrowd at the NYSE. The team at the NYSE welcomed us with open arms, which included a tour of the historical building. As we went through the tour, seeing pictures of world-renowned business leaders over the years, and getting the chance to be right in the center of such a historical place was a special moment for us all. In that type of situation, you really think about where your own company is going and the history that you’re in the middle of making. It was absolutely a bucket-list moment for all of us. 

This was especially true for our founder and Chief Strategy Officer, Casey Ellis. “In 2013, I remember pitching (and winning) a startup contest in Silicon Valley against 300 other startups as ‘The Most Likely to Succeed.’ Fast forward to over a decade later, it was pretty surreal to stand on the floor of the New York Stock Exchange with Bugcrowd’s name up on the boards as we announced our funding,” Ellis said.

Casey Ellis, Bugcrowd founder and CSO, and Dave Gerry, Bugcrowd CEO, at the New York Stock Exchange.

The Bugcrowd executive team at the New York Stock Exchange.

The next day, the team gathered in the snow and rain in the center of the buzz of New York City—Times Square. As Bugcrowd’s funding announcement and logo shone on the massive Nasdaq tower, we were all in awe. I had the biggest smile on my face and just kept thinking, “wow, this is actually happening.”

The Bugcrowd billboard in Times Square, NYC.

The Bugcrowd executive team in Times Square.

Although this was absolutely one of the coolest moments in my career so far, it is about more than a tour or a billboard. It’s about impact. We are a new Bugcrowd, and we took advantage of an opportunity to truly assert ourselves as the leader in the crowdsourced security market.

Bugcrowd’s defining moment

This moment marks a reset in the security industry. It’s currently a tough market to get funding in, and I’m proud that others are recognizing the uniqueness of the Bugcrowd story. While other companies are fully relying on technology, we focus on the magic that can happen when you combine great technology with human ingenuity. It’s a whole new way of thinking. 

We’ve been viewed as a startup for a long time, but it’s clear that the market has transitioned to seeing us as a cybersecurity leader. I believe this is a testament to the work we’re all doing together as a team. We’re investing in our brand, we’re listening to our customers and hackers, and thinking about things in a more proactive way. We care about being fun and playful with the security community, but we’re really focused on providing the best experience possible to our customers and hackers. 

In the end, Casey says it best. “This is what you get when you combine vision, timing, execution, and persistence. I couldn’t be more proud of the Bugcrowd team, our hackers and cybersecurity community, and our customers and partners. This is a major milestone for the community and the market we pioneered.” 

This certainly doesn’t mark an end, but a beginning. We’re already thinking about where we go from here. I’m incredibly proud to be part of this team during this defining moment. 

Samantha Andersson and Dave Gerry at the New York Stock Exchange.

Emily Ferdinando, Chief Marketing Officer, and Samantha Andersson in Times Square.

The post Behind the Scenes: Bugcrowd in Times Square appeared first on Bugcrowd.

Bugcrowd’s Latest Funding Tops $100M to Drive New Growth
https://www.bugcrowd.com/blog/bugcrowds-latest-funding-tops-100m-to-drive-new-growth/
Mon, 12 Feb 2024 12:40:50 +0000

Taking on the role of CEO at Bugcrowd marked the beginning of a transformative journey for our company. Through the challenges and changes, our unwavering focus remained on what we could control—taking care of each other, our customers, and the hacker community.

Today marks another significant milestone for Bugcrowd, and I’m thrilled to share that we successfully secured $102 million of strategic growth financing. This investment in Bugcrowd, led by General Catalyst, with participation from our long-term partners Rally Ventures and Costanoa Ventures, reflects our commitment to scaling up Bugcrowd’s AI-powered crowdsourced security platform.

In a landscape where threat actors increasingly deploy sophisticated AI techniques, Bugcrowd’s proactive approach to cybersecurity utilizes a crowdsourced AI-powered platform. This empowers organizations to identify and remediate security vulnerabilities before malicious actors can exploit them. The infusion of new funds will drive continued innovation on the Bugcrowd Platform and accelerate our growth across EMEA, APAC, and the U.S., both organically and through strategic M&A opportunities.

Our mission to redefine crowdsourced security is at the core of what we do, and this strategic investment underscores the dedication of our incredible team, the collaborative hacker community, and the trust our customers place in Bugcrowd’s innovative approach to proactive security.

With this investment, we welcome Mark Crane, Partner at General Catalyst, and Paul Sagan, Senior Advisor at General Catalyst, to the Bugcrowd Board of Directors. Paul Sagan will also take on the role of Board Chair. Joining our advisory board are Jeff Simon, Chief Security Officer at T-Mobile, and Prabhath Karanth, Vice President and Global Head of Security and Trust at Navan, serving alongside David Fairman, CIO & CSO – APAC at Netskope.

“I am honored to assume the role of Board Chair at Bugcrowd as they lead the way in the crowdsourced cybersecurity market,” said Paul Sagan, Senior Advisor at General Catalyst. “At this critical juncture for the company, marked by substantial growth and market expansion, along with a rapidly expanding team comprising industry leaders and a community of top-tier hackers, I look forward to providing ongoing support as Bugcrowd enables a new era of cybersecurity.”

Bugcrowd achieved remarkable success in the past year, with over 200 new clients, including notable names like OpenAI, T-Mobile, Rapyd, and ExpressVPN. Our team has grown by 130 new members, contributing to an overall business growth of more than 40% year-over-year, and our Pen Test as a Service (PTaaS) business surged by nearly 100%. Customers have tangibly improved their security postures through Bugcrowd’s Bug Bounty and Vulnerability Disclosure Program (VDP) offerings.

This journey has been incredible, and I look forward to our continued growth, innovation, and collaboration. 

Thank you to our customers, partners, employees, and, of course, the hacker community, for believing in Bugcrowd and helping us transform the crowdsourced security market.

The post Bugcrowd’s Latest Funding Tops $100M to Drive New Growth appeared first on Bugcrowd.

Bugcrowd Builds on Momentum with Key Leadership Promotions
https://www.bugcrowd.com/blog/bugcrowd-builds-on-momentum-with-key-leadership-promotions/
Thu, 08 Feb 2024 14:00:23 +0000

We’ve officially kicked off our 2024 financial year here at Bugcrowd. The team has been reflecting on the innovation, growth, and wins from 2023 and looking ahead to how we can build on that momentum in 2024. In true Bugcrowd style, we’re starting off the year with a bang. 

Last year, more than 130 people joined the Bugcrowd team. We anticipate that 2024 will be even bigger. With the following key leadership promotions and strategic hires, we are more ready than ever before to disrupt crowdsourced security and help our clients connect with the ingenuity of the hacker community in order to beat threat actors at their own game. 

Meet Bugcrowd’s promoted leadership

Emily Ferdinando—Emily Ferdinando has been promoted to Chief Marketing Officer at Bugcrowd. With over 15 years of go-to-market leadership experience, Emily has spent the last year at Bugcrowd building a world-class marketing team, focused on building customer demand and helping to rapidly scale our revenue growth. Emily’s background in sales and operations has brought a unique approach to marketing, ensuring both customer and hacker needs are met.

Tanya Gay—Tanya Gay has been promoted to Chief Operating Officer at Bugcrowd. Tanya is a dynamic leader with more than two decades of experience in sales, revenue operations, and business operations. Her expertise lies in crafting effective go-to-market strategies, bringing a blend of strategic vision and tactical execution that creates a better experience for customers, hackers, and Bugcrowd team members. 

Cassandra Morton—Cassandra Morton has been promoted to the role of Senior Vice President, Global Customer Success and Account Management. With over 18 years of experience in customer-facing operations, Cassandra brings a wealth of experience. She uses her expertise to build out successful customer programs, holding a keen focus on delivering positive customer outcomes with a passion for cross-functional team building. 

Meet Bugcrowd’s new VP, Advanced Services Group, Julian Brownlow Davies

To add to this momentum, Bugcrowd is excited to announce that Julian Brownlow Davies is joining our team as Vice President of the Advanced Services Group, a team of industry-leading pen testers. Bugcrowd’s first-of-its-kind self-service option lets organizations launch high-impact pen testing in hours to days, with prioritized vulnerabilities from the Advanced Services Group flowing directly into DevSec processes for fast remediation. With the massive growth the pen-testing-as-a-service industry is experiencing, we’re excited for Julian’s leadership as we continue to help organizations meet compliance goals and reduce risk faster at scale. 

Julian is a seasoned tech services professional with nearly three decades in commercial, operational, and leadership roles within start-ups and scale-ups across multiple geographies. He has a proven track record of developing and executing strategies that drive above-industry year-on-year growth, and experience in scaling commercial and business operations internationally. Julian is a customer-focused leader who has already started applying his passion for problem solving and building high-performing teams here at Bugcrowd. 

Thank you to Emily, Tanya, and Cassandra for all that you do for the team, and welcome Julian to the leadership team. Stay tuned; there is more to come. 

The post Bugcrowd Builds on Momentum with Key Leadership Promotions appeared first on Bugcrowd.

Leading the Crowdsourced Security Charge–Bugcrowd 2023 Recap
https://www.bugcrowd.com/blog/leading-the-crowdsourced-security-charge-bugcrowd-2023-recap/
Tue, 06 Feb 2024 14:00:35 +0000

Last week, Bugcrowd wrapped up our financial year, and it was a record-breaking one. Over 200 new clients joined the Bugcrowd Platform in the last 12 months. During this period, we also saw tremendous growth in hacker payment volume, achieved amazing customer outcomes, and added 130 new employees to the Bugcrowd team. 

As I look back on my first full year as CEO of Bugcrowd, I am in awe of the Bugcrowd team, all that we’ve accomplished together, and most importantly, the opportunity that is in front of us. I want to take a moment to publicly celebrate some of the biggest wins of the past year. 

Highlights from 2023

  • Driving value for our customers—Throughout 2023, we continued to build our customer community, with special focus on driving continuous improvement and growth for our clients. I regularly speak to organizations making the switch to Bugcrowd, and one of the top reasons cited for changing their crowdsourced security vendor is Bugcrowd’s approach to long-term success. It is our top priority to stay the #1 crowdsourced security platform for customer success. I am incredibly proud of the trust that so many organizations put in Bugcrowd and I recognize the immense responsibility that comes with this trust. 
  • Driving value for the hacker community—In the last 12 months, we’ve seen a tremendous amount of growth in the community that leverages the Bugcrowd Platform, including over 50,000 new hackers joining our platform, payments increasing, and hundreds of thousands of vulnerabilities submitted. Our SecOps teams, in partnership with Support, Customer Success, and many other parts of the business, have risen to meet the demand for our services and driven immense value for customers and hackers in the process.
  • Continuing to build our culture—One of the things that most struck me when I joined Bugcrowd was the fierce defense of our culture. It’s been inspiring to watch so many folks from diverse backgrounds and geographies come together to drive something so special. And it isn’t just our employees who create this culture…it’s every hacker and customer that comes together to build something great. Just take one look at our X (formerly Twitter) channel and you’ll immediately get a glimpse into our culture. I love seeing our extended community come together to find up-to-date cybersecurity news, vent about common challenges, and crack a joke or two.
  • Building on our culture of innovation—Innovation is at the core of what we do. Throughout 2023, the Product and Engineering Teams came together to deliver on several product updates. In April, we released self-service onboarding for pen testing as a service, meaning you can buy, configure, launch, and see real-time results from a human-driven Bugcrowd Standard Penetration Test in just a few clicks. We also made two major changes to the VRT—a general update reflecting changes to the current threat environment, including a new top-level category, and an AI-focused update, defining and prioritizing AI vulnerabilities for the first time in history. 
  • Continuing to inform public policy—At Bugcrowd, one of our top priorities is to make the internet a safer place to hack. I’m incredibly proud of the work we’ve done in partnership with the Hacking Policy Council to create a more favorable legal environment for vulnerability disclosure, bug bounties, and good faith hacking. You can find out more about the work we’ve done with Casey Ellis, Chief Strategy Officer, to inform public policy in Inside the Platform on page 14. 
  • Empowering a global ecosystem of trusted partners—Just last week, we launched the CrowdConnect Partner Program to empower global partners to leverage the crowd to defend against today’s fast-moving cyber adversaries. This program stands out in the industry: it offers deal protection with healthy margins and rewards partners for value and volume, rather than relying on the complex and shifting tiers that drive other programs in the market. 

Looking forward to 2024

This year at Bugcrowd, we are focusing on continuing to take care of each other, our customers, and the hacker community. 

We hear time and time again that organizations need to revamp their legacy bug bounty and pen testing programs by leveraging a modern, multi-solution platform to drive their security outcomes. To assist with this goal, we offer support to any organization looking to make a change:

  • Leverage an onboarding period that allows you to migrate off legacy tools while you launch your program on the Bugcrowd Platform.
  • Work with a designated customer success team, focused on making you and your program successful.
  • Take advantage of marketing support programs to help amplify your programs to the hacker community and drive faster engagement. We recently launched the Bugcrowd Insiders Program to empower our customers to amplify their programs within the hacker community and help them drive a more secure supplier network by providing incentive pricing to their supply chain of partners & vendors.

Thank you for a great 2023 and for all that we’ll accomplish together in 2024. I’m more confident than ever that what we’re all building collectively is something truly special. 

The post Leading the Crowdsourced Security Charge–Bugcrowd 2023 Recap appeared first on Bugcrowd.

Inside the Platform: Bugcrowd’s Vulnerability Trends Report
https://www.bugcrowd.com/blog/inside-the-platform-bugcrowds-vulnerability-trends-report/
Wed, 24 Jan 2024 13:50:53 +0000

We’re three weeks into January, which means we’ve hit the time of the year when New Year’s resolutions have inevitably been forgotten, Dry January has been abandoned, and we’re all just trying our best to get through the rest of winter in one piece. But what if we told you that we have a surprise that might make your January a little less dreary and might even help you achieve your New Year’s cybersecurity resolutions? 

We’re absolutely ecstatic to release our flagship annual report: Inside the Platform: Bugcrowd’s Vulnerability Trends Report. You may remember this piece based on its previous name: Priority One. 

What is Inside the Platform?

Inside the Platform is a magazine-style piece that features an analysis of all the crowdsourced security vulnerability submissions handled through the Bugcrowd Platform in 2023. The report leverages these data to offer trends and insights for CISOs and security leaders. 

Specifically, the report looks at vulnerability submission data from every possible angle to attempt to predict the future of cybersecurity. In writing this report, we examined overall submissions, critical submissions, payout data, notable targets, VRT categories, and public vs. private programs. We also broke down the data into six key industry categories. Using this analysis, we forecasted trends and made recommendations on what levers to pull in a crowdsourced security program to achieve success. 

The report also includes qualitative interviews with Bugcrowd customers, thought pieces on the value of an open scope program and how different hacker roles contribute to crowdsourced security, social media spotlights, legal work being done to make hacking safer, and more. 

Key takeaways from Inside the Platform

The 12 articles that make up Inside the Platform are jam-packed with data, but here are five highlights:

  1. Higher Rewards—The most successful programs were those that offered higher rewards (e.g., $10,000 or more for P1 vulnerabilities).
  2. Open Scope—Programs with open scopes saw 10x more P1 vulnerability submissions than those with limited scopes. 
  3. Vulnerability Submissions by Industry—The government sector experienced a 151% increase in vulnerability submissions and a 58% increase in the number of P1s rewarded in 2023 compared to 2022. 
  4. P1 Payouts by Industry—The financial services industry and government sector offered the highest median payouts for P1 vulnerabilities ($10,000 and $5,000, respectively). 
  5. AI—A new AI-related category was added to Bugcrowd’s Vulnerability Rating Taxonomy (VRT). This addition reflects the profound influence that AI has had and will have on the threat environment and the ways that hackers, customers, and the Bugcrowd triage team view certain vulnerability classes and their relative impacts. 

Where to find more information

The report is live! Keep an eye on our social media for breakdowns of the report from experts at Bugcrowd, plus a webinar later next month. 

The post Inside the Platform: Bugcrowd’s Vulnerability Trends Report appeared first on Bugcrowd.

Announcing Our Latest Vulnerability Rating Taxonomy Update
https://www.bugcrowd.com/blog/announcing-our-latest-vulnerability-rating-taxonomy-update/
Mon, 27 Nov 2023 16:00:14 +0000

Since 2017, Bugcrowd has been the maintainer of the Vulnerability Rating Taxonomy (VRT), an open-source effort to classify and prioritize submissions on the Bugcrowd Platform in an industry-standard way. The VRT is a simple-to-use, non-prescriptive, and evolving method for assigning severity levels to specific vulnerability classes. Adopting an open-source approach enables us to keep our ear to the ground, ensuring that the taxonomy stays aligned with the market. Since the VRT’s creation, hundreds of thousands of vulnerability submissions on the Bugcrowd Platform have been created, validated, triaged, and accepted by program owners under this rubric.

Over time, the attack surface and the submissions associated with the VRT evolve, as do the needs of hackers and customers, so the VRT needs to grow and change too. In that spirit, we are pleased to announce that the latest release, VRT version 1.11, will be rolling out on the Bugcrowd Platform and reflected in our submission form shortly.

Overview of changes

This release includes several updates. As you can see below, they reflect changes to the threat environment, and how hackers, customers, and the Bugcrowd triage team view certain vuln classes and their relative impacts differently than before. 

New Top-Level Category: Cryptographic Weaknesses
A new category has been added to cover all common flaws in the cryptography area. This approach will help guide hackers when submitting a report about a specific weakness – such as insufficient entropy, predictable PRNG or IV, missing cryptography steps, timing attacks, or insufficient key stretching, to name just a few.

Multiple Category Updates: Insecure Direct Object Reference (IDOR)
This category has been a bit of a thorn in the side of hackers for a while now: a single IDOR category with a priority of ‘Varies’ can be frustrating, especially when the finding has demonstrated impact. Additionally, with no default priority, a program owner could be more exposed than they should be compared to a finding rated P1 by default.

Therefore, we’ve added several specific variants to the category:

  • P1 – Read Personal Data (PII) – Iterable Object Identifiers
  • P2 – Modify/Delete Sensitive Data – Iterable Object Identifiers
  • P2 – Read Personal Data (PII) – GUID/Complex Object Identifiers
  • P3 – Modify/Delete Sensitive Data – GUID/Complex Object Identifiers
  • P4 – Read Sensitive Data – GUID/Complex Object Identifiers
  • P5 – Read Non-Sensitive Information

This change should cover most common IDOR cases. However, hackers who find something that isn’t in these specific variants can always select the top-level category and appropriate adjustments will be made by our triage team.

New Variant: HTML Injection
The existing P4 ‘Email HTML Injection’ variant receives a lot of false-positive submissions from hackers submitting HTML injection in a web application. We did a lot of research on this category, reviewing the outcomes from the P4 false positives and how many led to accepted submissions and resulted in fixes. The answer was: not very many. As a result, the new category for these is considered P5, and you’ll find it under the existing ‘Content Spoofing’ specific vulnerability name. We’ll update existing submissions under the old P4 variant to the new P5 one, accordingly.

Update To Existing Category: Server-Side Request Forgery (SSRF) – External
We reviewed a number of SSRF findings across the existing P4 variant ‘External – Low Impact’. Most of these submissions are not accepted by customers, as they typically arise from intended functionality such as a webhook or image download. As a result, we have moved this category to the P5 level. 

New Specific Vulnerability: HTTP Request Smuggling
Thanks to amazing work by James Kettle at PortSwigger, this category has been revitalized across the internet. We see this vulnerability reported on a daily basis, but more often than not, it has low impact – so, we’re introducing it at the ‘Varies’ priority level in the ‘Server Security Misconfiguration’ category. The triage team will adjust affected submissions as needed.

New Specific Vulnerability: LDAP Injection
While certainly not the most reported vulnerability we see, LDAP Injection was a conspicuous omission in previous versions of VRT. We’ve remedied that by adding it to the ‘Server Side Injection’ category. 

Modified Specific Vulnerability: PII Leakage
The existing ‘PII Leakage’ category is commonly misused, with many hackers simply searching for ‘PII’ in the VRT selection box and selecting this category regardless of whether the specific vulnerability is related to automotive security. As a result, the existing category under ‘Automotive Security Misconfiguration – Infotainment’ has been changed from ‘PII Leakage’ to ‘Sensitive Data Leakage/Exposure’, retaining its usability for automotive submissions specifically.

A new vulnerability called ‘PII Leakage/Exposure’ with the default priority of ‘Varies’ has also been added to the category ‘Sensitive Data Exposure’. We believe that a ‘Varies’ priority is important here because not all instances of PII – a single email address in an AEM response, for example – are a P1 by default. However, the triage team will adjust submissions to a P1 as needed.

Deprecated Specific Vulnerabilities and Variants
The existing P4 variant ‘Cross-Site Scripting – IE-Only / IE11’ has been removed, and the existing P5 variant ‘Cross-Site Scripting – IE Only < IE11’ has been modified to cover all versions of IE. These changes have been pending for some time, since Microsoft retired Internet Explorer 11 in 2022.

New Specific Vulnerability: On Permission Change
This vulnerability is documented by OWASP and other sources, but is also very use-case specific. To support these customer use cases, we’ve added it to the ‘Failure to Invalidate Session’ variant of ‘Broken Authentication and Session Management.’
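What the variant describes, as an added example that is not from the post, the VRT repository or OWASP: a session that caches the user’s privileges at login keeps honouring them after an administrator removes a role, until the user logs out or the session expires. The store below reproduces that behaviour with invalidate_on_change=False and fixes it by stamping each session with a per-user permission version and dropping any session issued under an older one, which forces re-authentication. The User, Session and SessionStore names and the demo() helper are illustrative and not taken from any real framework.

```python
import secrets
from dataclasses import dataclass


@dataclass
class User:
    name: str
    roles: set
    perm_version: int = 0      # bumped on every permission change


@dataclass
class Session:
    user: str
    roles: set                 # privileges cached at login, as a stateless token would carry them
    perm_version: int          # the user's perm_version when the session was issued


class SessionStore:
    """invalidate_on_change=False reproduces the weakness; True is the fix."""

    def __init__(self, invalidate_on_change: bool):
        self.invalidate_on_change = invalidate_on_change
        self.users = {}
        self.sessions = {}

    def add_user(self, user: User) -> None:
        self.users[user.name] = user

    def login(self, name: str) -> str:
        user = self.users[name]
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(name, set(user.roles), user.perm_version)
        return token

    def change_roles(self, name: str, roles: set) -> None:
        user = self.users[name]
        user.roles = set(roles)
        user.perm_version += 1  # every session issued before this point is now stale

    def authorize(self, token: str, role: str) -> bool:
        s = self.sessions.get(token)
        if s is None:
            return False
        if self.invalidate_on_change and s.perm_version != self.users[s.user].perm_version:
            del self.sessions[token]   # stale privileges: drop the session, require re-login
            return False
        return role in s.roles         # vulnerable path: cached roles are trusted as-is

    def active_sessions(self, name: str) -> int:
        return sum(1 for s in self.sessions.values() if s.user == name)


def demo(invalidate_on_change: bool):
    """Log in as an admin, strip the admin role, then reuse the old token.
    Returns (old token still authorizes admin, old session still exists)."""
    store = SessionStore(invalidate_on_change)
    store.add_user(User("alice", {"user", "admin"}))
    token = store.login("alice")
    assert store.authorize(token, "admin")
    store.change_roles("alice", {"user"})
    return store.authorize(token, "admin"), store.active_sessions("alice") > 0


if __name__ == "__main__":
    print("without invalidation:", demo(False))
    print("with invalidation:   ", demo(True))
```

Invalidating on any change (grants as well as revocations) is the conservative choice; a store that instead refreshes the cached roles in place would close the revocation case but would not force a fresh login when, for example, an elevation should require MFA.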

This is a healthy, albeit not major, update to the VRT, with contributions from hackers in the Bugcrowd community, our triage team, and our customers. There is still more work to be done, so you’ll be hearing from us again soon about additional changes that reflect the evolving environment.

Why contribute to the VRT?

As we said in the introduction, an open-source governance model helps the VRT evolve at a pace and in concert with the changing environment – but that only happens if hackers and customers actively participate in the process. Contributions to the repository are reviewed by the VRT Council, which meets regularly to discuss new vulnerabilities, edge cases for existing vulnerabilities, priority-level adjustments, and general validation experiences. When the team comes to a consensus regarding a proposed change, it is committed to the master branch.

If you would like to contribute to the VRT, Issues and Pull Requests are most welcome!

The post Announcing Our Latest Vulnerability Rating Taxonomy Update appeared first on Bugcrowd.

Inside the Mind of a Hacker: 2023 Edition https://www.bugcrowd.com/blog/inside-the-mind-of-a-hacker-2023-edition/ Wed, 12 Jul 2023 12:59:23 +0000

The wait is finally over—we’re happy to announce that the 2023 edition of Inside the Mind of a Hacker is here! When Bugcrowd first started releasing this annual report years ago, it quickly gained popularity across the security industry as the gold standard for demographics, trends, and motivations within the hacker community. We’re sure this year’s version won’t disappoint. 

This edition analyzed 1,000 survey responses from hackers on the Bugcrowd Platform, in addition to millions of proprietary data points on vulnerabilities collected across thousands of programs. 

We’re happy to see that some of the dated stereotypes of hackers (we’re looking at you, basements and hoodies) are going away. In fact, 89% of hackers believe that companies are increasingly viewing hackers in a more favorable light. This report continues to clear through the fog and mystery around hackers and crowdsourced security as a whole, helping organizations understand how to partner with hackers as an extension of their often under-resourced security teams. 

Another exciting part of this edition is a special feature on security in the age of generative AI. The internet is full of fear-mongering articles covering the terrifying consequences AI could have on cybersecurity, but what about ways hackers can use AI to make the world a safer place? We dig into how hackers are using AI technologies to increase the value of their work.

Key Learnings

1. Even in an uncertain economy, the motivations of hackers remain altruistic. 

There is a misconception that hackers, even the ethical kind, are only after money. For many of them, hacking is their full-time career, so of course financial factors are major motivators. However, time and time again, the data shows that the heart of hacking is much more complex: 75% of hackers identify non-financial factors as their main motivators to hack, and 87% of hackers believe that reporting a critical vulnerability is more important than trying to make money from it. 

2. Top hackers consider generative AI as a tool to leverage, not a threat. 

72% of hackers do not believe AI will ever replicate their human creativity. Although some hackers are concerned about generative AI making their skills irrelevant, many of Bugcrowd’s top hackers disagreed. According to Nerdwell, “If you’re stagnant and don’t grow your skills, then maybe you should be worried about AI, but if you embrace it and use it as a tool, then I believe you’ll likely become even more valuable.” 

3. CISOs are taking generative AI seriously.  

This edition spotlights two CISOs and surveys many others. We found that, across the board, CISOs are already considering the potential cybersecurity risks of generative AI. They are approaching these concerns from the technical side, such as data poisoning and prompt injection, as well as wider issues, such as the implications for privacy and traceability. 

Besides new statistics and learnings like the ones above, you can also expect to have a little bit of fun reading this report. From in-depth interviews to quizzes to posters, Inside the Mind of a Hacker feels more like a thought-provoking magazine than a traditional report. Download it today to learn why organizations can trust hackers to secure their future with confidence.

The post Inside the Mind of a Hacker: 2023 Edition appeared first on Bugcrowd.

Bugcrowd Earns CSA STAR L1 Certification https://www.bugcrowd.com/blog/star-l1-certification/ Fri, 30 Jun 2023 16:00:07 +0000

We are stoked to share that Bugcrowd is now listed at CSA STAR Level 1 (L1), solidifying our commitment to upholding the highest security standards for our customers. A CSA STAR Level 1 listing is a testament to Bugcrowd’s robust security practices, rigorous risk management, and commitment to protecting the integrity and confidentiality of our clients’ data. It underscores our continuous efforts to provide a secure and reliable cloud-based platform that organizations can trust.

What is a CSA STAR Certification?

The Cloud Security Alliance’s Security, Trust, Assurance, and Risk (STAR) program is a public registry in which cloud service providers document their security and privacy controls. STAR has two active levels of assurance. Level 1 is a self-assessment: the provider publishes its completed Consensus Assessments Initiative Questionnaire (CAIQ), which maps its controls to the CSA Cloud Controls Matrix (CCM). Level 2 adds third-party assurance, either a STAR Attestation (built on a SOC 2 audit) or a STAR Certification (built on ISO/IEC 27001). A provider listed in the registry gives its customers a published, structured account of how it secures data in cloud applications, which they can check against their own requirements.

The CSA’s STAR Program combines the controls and best practices laid out in other information security standards (e.g., ISO/IEC 27001:2013) with the CSA’s own Cloud Controls Matrix (the CCM, a freely available cybersecurity control framework that covers all aspects of cloud technology) to create one of the most comprehensive cloud security control sets in the industry.

The Benefits of CSA STAR Accreditation

It all comes down to trust. It means that when you partner with Bugcrowd, you can rest assured that your sensitive information and critical assets are in safe hands. Our comprehensive security controls, meticulously designed to align with industry best practices, ensure the highest level of protection for your data.

By completing CSA STAR Level 1, we have documented our security practices, policies, and procedures against the CSA’s Cloud Controls Matrix and published that self-assessment to the STAR Registry, where customers can review it. This showcases our dedication to transparency and accountability, as we meet the requirements set forth by the CSA for that level.

Final Thoughts on CSA STAR L1

Bugcrowd’s commitment to cloud security extends beyond mere compliance. We continuously invest in cutting-edge technologies, stay abreast of evolving threats, and leverage industry-leading security frameworks to fortify our platform. Our team of skilled security professionals is dedicated to maintaining a robust security posture, detecting vulnerabilities, and promptly addressing any potential risks.

With the CSA STAR L1 listing, Bugcrowd is now even better positioned to provide tangible proof of our commitment to upholding the highest cloud security standards. It not only demonstrates our dedication to maintaining best-in-class security practices but also enables us to offer our customers a higher level of trust and assurance in our services.

The post Bugcrowd Earns CSA STAR L1 Certification appeared first on Bugcrowd.

Meet Bugcrowd at Infosecurity Europe 2023 https://www.bugcrowd.com/blog/meet-bugcrowd-at-infosecurity-europe-2023/ Fri, 16 Jun 2023 18:45:33 +0000

Infosecurity Europe is less than two weeks away. Are you coming?

Bugcrowd is—and there are many chances for you to connect with us from June 20–22 at ExCeL London:

  • Meet members of Bugcrowd’s senior team, including co-founder Casey Ellis at the Aloft London Excel Hotel next door. Discuss your challenges, and learn how the Bugcrowd Platform can help.
  • Get your hands on some Bugcrowd swag, and ask us your burning questions about crowdsourced cybersecurity—also at Aloft London Excel.
  • On Tuesday evening, join our reception at Tapa Tapa Restaurant for laid-back networking with complimentary drinks and tapas, plus fireside talks with a Bugcrowd customer and hacker.

Click here for details, and reserve your place.

Among the members of Bugcrowd’s senior team attending Infosecurity are Emily Ferdinando, Vice President of Marketing, and one of our newest hires: Vlad Nisic. We say “newest hires,” but you may recognize his name. Between March 2016 and October 2019, Vlad was Vice President of Sales (EMEA & USA East) for Bugcrowd. After a three-and-a-half-year absence, Vlad has returned to Bugcrowd, this time as VP of Sales for EMEA & APAC.

If you knew Vlad during his first term with Bugcrowd, say hi again. If you didn’t, do introduce yourself and tap into his 25+ years of experience in IT, information security, and digital transformation. Cybersecurity has never been more important, so there’s plenty to talk about!

The post Meet Bugcrowd at Infosecurity Europe 2023 appeared first on Bugcrowd.

Bugcrowd PTaaS Takes Home Five Awards for Cybersecurity Excellence https://www.bugcrowd.com/blog/ptaas-takes-home-five-awards/ Thu, 11 May 2023 17:15:02 +0000

Since launching new self-service capabilities within our Penetration Testing as a Service offering last month, we’ve already seen wide recognition of the technology’s ability to empower buyers to purchase, set up, and manage pen tests directly online, cutting out the need for lengthy sales calls and scoping sessions. 

In 2023 alone, Bugcrowd, and in particular these new PTaaS capabilities, has won five distinct industry awards. This recent string of wins reflects Bugcrowd’s persistence in delivering industry-leading solutions to the market, and recognition of the company as an accomplished and preeminent organization in cybersecurity.

Most recently, our team was recognized by Cyber Defense Magazine’s Global InfoSec Awards as a Hot Company in the Penetration Testing Category for our PTaaS capabilities, along with being recognized as a Gold Winner in the 19th Annual Globee® Cyber Security Awards for the technology. Additionally, Bugcrowd PTaaS was recognized as the Gold Winner in the Pentest-as-a-Service category in the 2023 Cybersecurity Excellence Awards among North American companies between 1,000 and 5,000 employees.

As an organization, we took home two more wins in the Cybersecurity Excellence Award program with recognition as Gold Winner for Cybersecurity Provider of the Year and Silver Winner for Best Cybersecurity Company.

For one, I am so proud to see all of these incredible wins. It’s a huge testament to our stellar team and technology! At Bugcrowd, we are committed to delivering the very best crowdsourced solutions to our customers and ultimately fulfilling our mission to democratize security testing for all.

Our team has taken major strides over the course of the past year to carry out this mission, including a major upgrade to our PTaaS offering, all aimed at staying at the forefront of innovation and leadership within a very saturated cybersecurity market. With a surge of vendors offering security testing solutions, a common concern we hear is that vulnerability assessments in the market today are often shallow and low impact. 

Our goal was to provide a human-driven, high-impact pen test with a team matched to the buyer’s precise needs in just a few clicks, cutting configuration time from days to hours. These recent award wins validate our work and the direction we’ve been laser-focused on. By focusing our priorities on our employees, the hacker community, partners, and vendors, we are excited to build upon this momentum throughout 2023!

To learn more about our award-winning PTaaS offering, which is now available globally, visit https://www.bugcrowd.com/products/pen-test-as-a-service/.

The post Bugcrowd PTaaS Takes Home Five Awards for Cybersecurity Excellence appeared first on Bugcrowd.
