In a testament to how security testing for software has evolved, Bugcrowd has reported a 400% growth in revenue year-over-year. It has also more than doubled its customer base while tripling employee headcount from 2014.
The company, which uses a crowdsourced security testing model for enterprise software and applications, had record results for its fiscal 2015 Q3. In addition to the numbers already mentioned, it also marked a 116% retention rate, and increased payouts to the 20,000+ security researchers signed up on its platform by 200% over 2014 Q3 payouts. The average payout is 1.81 times higher than it was last year.
Bug-finding is a well-worn track: Google, Facebook, Microsoft and PayPal all have high-profile bug bounty programs that make headlines for shelling out millions of dollars in rewards to those uncovering previously unknown vulnerabilities. The pay-to-hack community is a vibrant one, with events like Pwn2Own, the HP Zero-Day Initiative and other hacking contests attracting healthy competition and big-dollar prizes.
Bugcrowd takes on a middle-man role, contracting with clients interested in finding vulnerabilities and then deploying its army of Bugcrowders (consisting of hackers, amateurs, and security professionals from around the world) to scour and poke and code away, looking for holes.
"Every company is vulnerable, and staying ahead of the attackers relies on winning the race to discover and fix these vulnerabilities before they do," said Casey Ellis, CEO and co-founder of Bugcrowd. “Bug bounties provide something that is increasingly absent in security solutions, which is a human element. In our case, it just so happens to be a vibrant, growing community of experts, and a platform that connects them to the task with astonishing efficiency. We founded Bugcrowd in 2012 with a simple thesis; the only logical way to compete with an army of adversaries is with an army of allies."
A number of security teams have opted to work with Bugcrowd to manage their bug bounty programs, including companies like Pinterest, Western Union, Blackphone and Silent Circle, Drupal, Tesla and others. New customers ranged from mid-sized to Fortune 500 companies and came from a broad range of industries, including financial services, media, retail, telecommunications, business-to-business technology, software, application service providers, automotive and healthcare.
"Bugcrowd exponentially scales our line of defense, providing us access to more than 20,000 of the best security minds in the industry," said Kim Green, CISO of Zephyr Health. "In 2015 alone, we've read about a handful of successful data breaches from within our own healthcare space, and it's clear that the cyber-attacks are only going to grow to be more aggressive. With Bugcrowd's help, Zephyr Health was able to transform our own company development to prioritize security, leaving no stone unturned."