51 Bugcrowd Testimonials

“We looked at several programs, but Bugcrowd offered the best services for validating submissions while avoiding spurious effort."

“We’re dealing with customers who trust us with the security of their applications, assets, and user data. We need to demonstrate how we’re protecting their data, so for us, being a step ahead of that is very important. That’s why a service like Bugcrowd is perfect for us.”

"By adding a managed bug bounty program through Bugcrowd, we are adding one more layer to our security program."

“We like Bugcrowd’s approach. A structured format for reporting issues helps drive better quality bugs and filter out noise while the handling of bounty payments is a huge time savings for us. Having a third party help manage researchers will be very valuable.”

“The Jira integration was a huge value-add for us. We’ve built our communication channel inside the company is designed all around Jira. The fact that we could bolt on Bugcrowd’s solution to our Jira system and extend that in through our current communication channel made that portion of the transition that much easier.”

“We have used other security programs in the past to supplement our internal security audits but these were costly and happened one to two times per year at best. With Bugcrowd, we’ve added an always-on approach to security.”

"The number of Bugcrowd findings is a true measure of our maturity as a company. I want to get to a point in the not too distant future where I am showing a graph at every board meeting that shows a meager number of Bugcrowd findings and not for lack of attention but due to our focus on enhancing our application security."

"Bugcrowd is a great partner for us—the researchers are like an extension of our own security team. Working together we can reduce duplication, coordinate responses, and continuously improve the quality and quantity of submissions. A crowd-sourced approach to security helps us to innovate faster and safeguard customer trust and our reputation."

"Magecart attacks, personal data exfiltration, and account takeovers are a concern in the travel industry, so we’re particularly interested in vulnerability reports relating to those areas to keep our customers safe."

"Bugcrowd does a wonderful job weeding out the noise so we can get to the real issues."

“Intercom’s business relies on customer trust. To keep this trust we need to use the best tools available to keep our customers’ data secure. Our private bug bounty program with Bugcrowd allowed us to tap into the creativity and abilities of hundreds of security researchers to find and report the most complex bugs – the ones vulnerability scanners just can’t uncover. Now we’re expanding our program for access to a bigger pool of researchers to improve our ability to find and fix vulnerabilities.”

“At Okta, we’re squarely focused on customer success. For my security team, that translates directly to customer security and assurance. Our private bug bounty program with Bugcrowd expanded coverage of my internal attack team by adding a solid bench of diversity and breadth of capabilities.”

"National Australia Bank wanted to establish a formal and uniform way for security researchers to disclose potential vulnerabilities."

“By adding the power of the talented researcher community to our Product Security program, we’ve learned a lot about how people outside the company think about our products, additional scenarios where products can be at risk and what else we could do to protect our products. We’ve used this information to put a sharper focus on the areas of greatest risk, which has been invaluable to us as we scale.”

“Our bug bounty plays a key role in our Product Security program. It has helped us to define and shape this program. We are getting access to a large talent pool who are incentivized to test, find and report security vulnerabilities on our platform. This is a win-win situation for everyone.”