Bugcrowd

Bugcrowd is a crowdsourced security platform. It was founded in 2012, and in 2019 it was one of the largest bug bounty and vulnerability disclosure companies on the internet. Bugcrowd runs bug bounty programs and also offers a range of penetration testing services it refers to as "Penetration Testing as a Service" (PTaaS), as well as attack surface management.

History
Bugcrowd was founded in Sydney, Australia in 2012. Its main headquarters is in San Francisco, with other offices in Sydney and London.

In May 2024, Bugcrowd acquired the attack surface management company Informer.

Funding
Bugcrowd has raised a total of $78.7 million in funding over 6 rounds. Its seed funding started in 2013, with the aim of increasing its 3000 vetted security testers. The seed round was led primarily by Rally Ventures and raised $1.6 million.

The Series A funding round took place in 2015 and was led by Costanoa Ventures, raising $6 million.

Blackbird Ventures led funding for their Series B round with $15 million raised in April 2016.

In March 2018, it secured $26 million in a Series C funding round led by Triangle Peak Partners.

Bugcrowd announced Series D funding in April 2020 of $30 million led by previous investor Rally Ventures.

Clients
Bugcrowd worked with 65 industries across 29 countries. Their clients have included Tesla, Atlassian, Fitbit, Square, Mastercard, Amazon and eBay.

Bugcrowd's first partner in the financial industry was Western Union, in 2015. Originally a private, invite-only program, it was later opened to the public, with rewards varying between $100 and $5000 depending on the bug. In 2020, Bugcrowd helped National Australia Bank become one of the first banks in Australia to launch a bug bounty.

Samsung has also worked with Bugcrowd, paying out a total of over $2 million in rewards to those who found bugs in Samsung's security.

Job platform Seek has been using Bugcrowd since 2019 with the highest reward from their bug bounty program being $10,000.

In 2020, ExpressVPN worked with Bugcrowd, awarding $100 to $2500 depending on the severity of the vulnerabilities that were found, with 21 critical findings identified.

Bugcrowd also runs programs for the U.S. DOD, the Air Force and DDS.

Other projects
In 2018, Bugcrowd and CipherLaw's Open Source Vulnerability Disclosure Framework, together with the #LegalBugBounty project, created the open-source project disclose.io, which aims to create an open-source standard for bug bounties and vulnerability disclosures to help hackers and organizations work together to make the Internet safer.

The company also runs Bugcrowd University, which provides educational resources to help the public learn how to code, find bugs in security systems and patch them.