As cybercriminals become
bolder and more technologically
sophisticated, making products
as hack-proof as possible can
feel overwhelming. Fortunately, developers and manufacturers have access to
a worldwide team of experts who think
just like the hackers do—because they’re
You could call Bugcrowd cybersecurity’s version of The Avengers. The San
Francisco-based company is also No.
10 on Fast Company’s 2019 Most Innovative Companies list in the Security
category. With more than 135 employees
and a platform that includes hundreds
of thousands of vetted and skilled
white-hat hackers, the Bugcrowd team
relentlessly searches for vulnerabilities
in its clients’ products. The first hacker
to report a bug gets a “bug bounty”—a
fee based on the bug’s severity and business impact. The company then helps
clients address those issues and build
more secure products.
PLAYING THE INFINI TE GAME
CEO Ashish Gupta thinks of cybersecurity as an “infinite game.” Unlike
finite games—soccer, basketball, baseball, for example—where the players
and rules are known and the goal is
to end the game by winning or losing,
infinite games are fluid. They include
known and unknown players. The
rules are constantly changing, he says,
and the whole idea is to perpetuate the
game. Security is an infinite game, and
Bugcrowd is an infinite player.
And while Bugcrowd uses gamifica-tion in its business model, the realities are
all too serious for clients. Roughly four
months before a well-publicized 2017
credit monitoring bureau data breach,
Bugcrowd’s hackers found the same vulnerability in a financial services client’s
system. They triaged and validated the
web server software bug, enabling the
customer to avert a potentially disastrous
breach by fixing it quickly.
“When you merge creativity with data analytics and a set of people who believe in
making the digitally connected world safer, you can accomplish a lot,” Gupta says.
FIGH TING C YBERCRIME PAYS
Hackers who are serious about finding vulnerabilities and fighting bad actors find
it can pay off. Some on Bugcrowd’s platform have made millions of dollars in bug
bounties. And the platform is open to anyone who has the skills and can also pass
the company’s background check and vetting process.
It’s also a great way to start a career, Gupta says. Bugcrowd’s recent “Inside the
Mind of a Hacker” report found 81% of survey respondents credit bug hunting for
helping them get a job in cybersecurity. And while most bounty hunters are age
18 to 44, there’s an increasing trend toward getting an early start. Once, Gupta
received a direct message on Twitter from a high school student who had just
bought his parents a car with the money he earned as a researcher.
HACKING FOR GOOD
Bugcrowd is committed to helping these skilled hackers use their powers for good.
The company helps ethical hackers develop their skills through Bugcrowd University. Additionally, an ambassador program allows researchers to net work and help
each other. Innovation, quality, and service have been in Raymond’s DNA since the
beginning and are the pillars of their business.
“Our founder, Casey Ellis, has done a phenomenal job finding people at a time
when they can decide to be like the Avengers, where ‘I have this unique skill, and I
need to use it for good,’” Gupta says. “There are a lot of cybersecurity holes in the
world, which we need to help patch. We've done a really good job of helping our
hackers stay on the right side of the battle.” For companies battling cyberadversar-ies, Bugcrowd’s team members could be the “superheroes” they need.
Hackers to the Rescue
USING THEIR POWERS TO MAKE THE DIGITALLY CONNEC TED WORLD SAFER,
THIS CAVALRY OF SKILLED HACKERS MAKES COMPANIES MORE SECURE.
CREATED BY FASTCO WORKS CON TEN T STUDIO AND COMMISSIONED BY
EMPLO YEES AND
at the 2018
Bash in Sydney,