“We have used other security programs in the past to supplement our internal security audits but these were costly and happened one to two times per year at best. With Bugcrowd, we’ve added an always-on approach to security.”
"We have products that cover a wide variety of applications that utilize various technologies, so we need security testing that can cover all those areas. Bugcrowd’s Ongoing Private Bug Bounty is the best way to get the coverage. Of course, this entire line of thinking starts with the premise that we think product security is of the utmost importance – we want to find the problems before someone else does so that we can help keep our customers secure."
“Our bug bounty program is a key part of our security strategy.”
“We decided to run a bug bounty program in order to get access to a wide variety of security testers. Hiring security researchers is very difficult in today’s market, and even if you can find one, chances are good that person will be a specialist in only one or two areas.”
“We think of the bug bounty program as ‘part of this complete breakfast’. You have all these internal activities, and the Bugcrowd program for us is a nice supplement to those things–it catches bugs that our internal testing didn’t catch. It also gives us information in what it doesn’t report.”
"The cybersecurity landscape constantly evolves, demanding fresh approaches to identifying and addressing unique vulnerabilities. This bug bounty program allows BigCommerce to expand diversity beyond our global workforce. By partnering with external researchers who have different backgrounds and experiences, we are confident that we can mature our company’s security practices and better protect our employees and customers."
“By adding the power of the talented researcher community to our Product Security program, we’ve learned a lot about how people outside the company think about our products, additional scenarios where products can be at risk and what else we could do to protect our products. We’ve used this information to put a sharper focus on the areas of greatest risk, which has been invaluable to us as we scale.”
“Our bug bounty plays a key role in our Product Security program. It has helped us to define and shape this program. We are getting access to a large talent pool who are incentivized to test, find and report security vulnerabilities on our platform. This is a win-win situation for everyone.”
"Combining pen testing and bug bounty through Bugcrowd helps our team meet immediate security requirements while proactively reducing risk. It gives us the scale and agility to stay ahead of today’s biggest threats and tomorrow’s unknown challenges."
“It’s a no brainer. You’re getting a much larger pool of people with different back grounds. Whether they’re cloud or mobile or firmware and they’re looking at the product. You get a much better sense of the quality and security of the device rather than going to one or two people.”
“In the tax preparation software industry, we deal with highly sensitive data for a large number of individuals. You can pretty much learn anything you want to know about an individual from their tax return. And because of that, we need to make sure the data stays completely secure, which starts with making sure the applications we’re developing are secure as well.”
“With Bugcrowd we are able to ensure that our communications with researchers is consistent, while also providing our development teams with actionable and validated vulnerabilities. We are excited to extend our program and continue enjoying the benefits of crowdsourced security testing.”
“The hacker community can outrun threat actors at an unprecedented pace. Not even the largest security teams can do what Bugcrowd can achieve.”
"An underrated benefit of Bugcrowd is the service their Application Security Engineers provide in triaging incoming reports. They free up our Security Engineering Team to focus attention on building security in by design and addressing issues directly with dev teams."
“It’s a win-win situation—either the Crowd finds something we didn’t see, in which case we can fix it. Or they don’t find anything, which validates our efforts.”
FeaturedCustomers has 1,873,716+ validated customer references
including reviews, case studies, success stories, customer stories,
testimonials and customer videos that will help you make better
software purchasing decisions.