Wikipedia:Articles for deletion/Bugcrowd


 * The following discussion is an archived debate of the proposed deletion of the article below. Please do not modify it. Subsequent comments should be made on the appropriate discussion page (such as the article's talk page or in a deletion review).  No further edits should be made to this page.

The result was keep. Source analysis uncontested. czar 22:09, 12 April 2020 (UTC)

Bugcrowd

 * – ( View AfD View log  Stats )

Very few independent and reliable sources where the company is the primary subject of the publication. For example, the 'New York Times' article is actually about another company but mentions Bugcrowd in passing as a competitor. Other sources are republished press released. I do not believe SIGCOV has been demonstrated. Mkdw  talk 19:04, 22 March 2020 (UTC)
 * I would like to note that this article was previously deleted as part of a massive undisclosed paid editing ring: ANI. Mkdw  talk 19:07, 22 March 2020 (UTC)
 * Note: This discussion has been included in the list of Companies-related deletion discussions. Shellwood (talk) 19:05, 22 March 2020 (UTC)
 * Note: This discussion has been included in the list of California-related deletion discussions. Shellwood (talk) 19:05, 22 March 2020 (UTC)

Keep per the significant coverage in multiple independent reliable sources.    <li></li> <li></li> <li></li> <li></li> <li></li> <li></li> <li></li> </ol>

<ol> <li> The book has a section titled "Bugcrowd in Depth". The book notes: "Bugcrowd is one of the leading crowd-source platforms for vulnerability intake and management. It allows for several types of bug bounty programs, including private and public programs. Private programs are not published to the public, but the Bugcrowd team maintains a cadre of top researchers who have proven themselves on the platform, and they can invite a number of those researchers into a program based on the criteria provided. In order to participate in private programs, the researchers must undergo an identity-verification process through a third party. Conversely, researchers may freely submit to public programs. As long as they abide with the terms of the platform and the program, they will maintain an active status on the platform and may continue to participate in the bounty program. If, however, a researcher violates the terms of the platform or any part of the bounty program, they will be banned from the site and forfeit any potential income. This dynamic tends to keep honest researchers honest. Of course, as they say, “hackers gonna hack,” but at least the rules are clearly defined, so there should be no surprises on either side. CAUTION You have been warned: play nicely or lose your privilege to participate on Bugcrowd or other sites! Bugcrowd also allows for two types of compensation for researchers: monetary and Kudos. Funded programs are established and then funded with a pool to be allocated by the owner for submissions, based on configurable criteria. Kudos programs are not funded and instead offer bragging rights to researchers, as they accumulate Kudos and are ranked against other researchers on the platform. Also, Bugcrowd uses the ranking system to invite a select set of researchers into private bounty programs. The Bugcrowd web interface has two parts: one for the program owners and the other for the researchers."</li> <li> The article notes: "Bug bounty programs first became popular after their success at technology companies such as Google Inc. and Facebook Inc. But Bugcrowd wants to help smaller businesses or companies that aren’t in the technology sector crowdsource researchers to test their applications. Companies that use Bugcrowd may pay a bounty. The San Francisco-based company raised $15 million in Series B funding led by the Australian firm Blackbird Ventures and had participation from Salesforce Ventures. Existing investors Costanoa Venture Capital, Industry Ventures, Paladin Capital Group and Rally Ventures also participated in the round. ... As Bugcrowd looks to expand with its new funding, it faces competition from HackerOne, which raised $25 million in a Series B last year. HackerOne touts clients such as Uber Technologies Inc., Twitter Inc., Adobie Inc. and General Motors Company on its website. When the Pentagon launched its first bug bounty program earlier this year, it opted to use HackerOne’s platform." The article includes quotes from Bugcrowd Chief Executive Casey Ellis.</li> <li> The article notes: "He said he reported the threat through Bugcrowd, the vulnerability reporting service that Netflix uses to receive disclosures from hackers and pay them a reward in exchange. On March 11, Bugcrowd sent Kakumani a reply that said the weakness he reported was out of scope with the bounty program. Bugcrowd went on to tell the researcher that its terms of service barred him from publicly disclosing or discussing the weakness."</li> <li> The article notes: "Another success story is Bugcrowd. Launched in 2012, it too acts as a go-between between vendors and researchers, as well as offering an end-to-end bug bounty programme management service for vendors. Bugcrowd invites vendors to declare which websites or apps that want hackers to test. It then gets over 4,000 external, vetted (or ‘curated’) researchers to search for security flaws – thereby ‘crowdsourcing’ the bug hunting – and pays them in both cash and ‘kudos’ via a points-based system. Bugcrowd manages the bounty programmes on behalf of the vendor, reviewing and validating and bugs found and handing out the rewards. It also offers vendors the choice of going out to the whole crowd of researchers or just the best ones – those with the most ‘kudos’."</li> <li> The article notes: "Bugcrowd's platform allows organisations to crowd source cyber security skills from thousands of cyber security experts, from professional to enthusiasts and everything in between. Its main offering is a public bug bounty program that organisations can use to offer sums of money for people who find and report security holes in their services and software, which increase with the severity of the issues they uncover. ... It's difficult to get full visibility on demand for Bugcrowd's services. About 84,000 researchers have signed up for its bug bounty program to address a market of 90 organisations, including Netflix, Mastercard, Netgear, LastPass, Tesla and Australia's favourite tech unicorn, Atlassian. However, the rest of its business is carried out under non-disclosure agreements with individual organisations and involves using hand-picked researchers that have been subjected to a more stringent trust methodology. Nevertheless, in March, Bugcrowd raised $33 million in C-series funding from a consortium of investors, including Blackbird Ventures, First State Super and Salesforce Ventures. It has been valued at $US115 million ($155 million)." The article includes quotes from Bugcrowd Chief Executive Casey Ellis.</li> <li> The book notes: "Past client Bugcrowd, the enterprise crowdsourced security pioneer, is a handy case study for how one start-up used Twitter aggressively to build its business. Bugcrowd has two main audiences that it focuses on to grow its business. The first audience is made up of independent security testers, the so-called “black hats” and “white hats” that Bugcrowd recruits to use its software platform to test corporate products via “bug bounty” programs. The second audience is corporations paying Bugcrowd to test their products through their community of security testers. Bugcrowd uses its Twitter channel to recruit and cultivate a tester community with news of bug bounty programs, product enhancements, new partners, rewards, recognition, meetups, and so on. For Bugcrowd, Twitter is a true community builder. As of this writing, their global tester community exceeds 25,000."</li> <li> The article notes: "For a cybersecurity company, Bugcrowd relies much more on people than it does on technology. ... Founded in 2011, Bugcrowd is one of the largest bug bounty and vulnerability disclosure companies on the internet today. The company relies on bug finders, hackers, and security researchers to find and privately report security flaws that could damage systems or putting user data at risk. Bugcrowd acts as an intermediary by passing the bug to the companies to get fixed — potentially helping them to dodge a future security headache like a leak or a breach — in return for payout to the finder. The greater the vulnerability, the higher the payout."</li> <li> The article notes: "Bugcrowd, one of the world’s top bug bounty startups, is set to name a new chief executive on Monday. ... Bugcrowd connects hackers to companies so that the former can get paid for reporting and helping fix vulnerabilities in the latter’s products. (For more insight into bug hunting, read this feature story in the July issue of Fortune magazine.) Bugcrowd works with customers such as, Pinterest, and Fiat Chrysler of America to bolster their security programs. ... Bugcrowd is one of two main bug bounty startups that create software to facilitate a market between security researchers and clients. Its rival--the to its Burger King, or to its --is HackerOne, which incidentally also brought on a non-founder CEO to scale its business two years ago. (You can watch a clip of M?rtin Mickos, HackerOne’s CEO, at this year’s Fortune’s Brainstorm Tech conference here.) ... To date, Bugcrowd has 60,000 security researchers enrolled on its platform. The company’s headcount tripled to 110 from around 35 a year ago." The article includes quotes from Bugcrowd Chief Executive Casey Ellis.</li> <li> The article notes: "Bugcrowd, which launched in 2012 as a crowdsourcing model for finding vulnerabilities in software, offers bug bounty, vulnerability disclosure programs, and penetration testing. The company relies on vetted independent security researchers to discover security weaknesses. ... Bugcrowd's new asset discovery service stops short of exploiting any vulnerable devices it discovers, he says. It's more about profiling the assets and providing context on how risky it is and what would happen if it were attacked." The article includes quotes from people affiliated with Bugcrowd.</li> <li> The article notes: "BugCrowd.com was also founded in 2012, but it trails HackerOne in investment dollars at US$48.7 million.16 BugCrowd has a slightly different model, whereby it internally employs verification engineers to manually check every bug submitted through its platform to ensure a certain standard of defects being submitted.12 It also boasts an impressive customer list headlined by Tesla, Cisco, Netgear, Atlassian, and Okta."</li> </ol>

There is sufficient coverage in reliable sources to allow Bugcrowd to pass Notability, which requires "significant coverage in reliable sources that are independent of the subject". Cunard (talk) 07:35, 28 March 2020 (UTC)</li></ul>
 * A McGraw-Hill Education book noted, "Bugcrowd is one of the leading crowd-source platforms for vulnerability intake and management." A Career Press book noted called Bugcrowd "the enterprise crowdsourced security pioneer". TechCrunch said, "Bugcrowd is one of the largest bug bounty and vulnerability disclosure companies on the internet today". Fortune said, "Bugcrowd is one of two main bug bounty startups that create software to facilitate a market between security researchers and clients." Cunard (talk) 07:35, 28 March 2020 (UTC)

<div class="xfd_relist" style="border-top: 1px solid #AAA; border-bottom: 1px solid #AAA; padding: 0px 25px;"> Relisted to generate a more thorough discussion and clearer consensus.
 * Comment: The creator,, wrote here: "No, I was never engaged into any form of paid editing. I was just reading a few days ago an article on Ars Technica about a bug posted on Bugcrowd so I thought maybe this web platform is important enough to deserve an article on Wikipedia. I just happened to create an article deleted before. And I can't remember re-creating any other deleted article than William Goad which doesn't have a history of UPE. — Ark25  (talk) 15:50, 26 March 2020 (UTC)" Cunard (talk) 07:35, 28 March 2020 (UTC)

Please add new comments below this notice. Thanks, North America1000 09:33, 29 March 2020 (UTC) <div class="xfd_relist" style="border-top: 1px solid #AAA; border-bottom: 1px solid #AAA; padding: 0px 25px;"> Relisted to generate a more thorough discussion and clearer consensus.

Please add new comments below this notice. Thanks, North America1000 10:39, 5 April 2020 (UTC)
 * Keep as per the sources identified above that show significant coverage in reliable sources to enable a pass of WP:GNG in my view, Atlantic306 (talk) 00:53, 6 April 2020 (UTC)


 * The above discussion is preserved as an archive of the debate. <b style="color:red">Please do not modify it.</b> Subsequent comments should be made on the appropriate discussion page (such as the article's talk page or in a deletion review). No further edits should be made to this page.