Recent blogs

  • Session Expiry using Browser Broadcast-channel

    Polling is fine but does every tab need to poll? Electing leader tab and Broadcasting messages across tabs.
    Sanjay Sharma’s avatar
    Sanjay SharmaSenior Software EngineerSydney, Australia

  • On Dependable Dependency Systems and Supply Chain Risk

    The size of the supply chain problem and what we do at Bugcrowd to address them
    Haoxi Tan’s avatar
    Haoxi TanMid-level Security EngineerBrisbane, Australia

  • How to debounce user search input correctly in react

    Learn how to create an input with debounced on change event handler
    David Ten Sing’s avatar
    David Ten SingFront-End EngineerMelbourne, Australia

  • The Intractable Nature of Cloud Costs

    A look at one concrete example of some inter-related cloud costs, and where the pitfalls can lie when optimising them.
    Oliver Hookins’s avatar
    Oliver HookinsPrincipal DevOps EngineerSydney, Australia

  • Migrating from Webpacker to esbuild

    Migrating a Rails application from webpacker to js-bundling-rails with esbuild
    Andrew McNamara’s avatar
    Andrew McNamaraStaff Software EngineerSydney, Australia

  • Glue and Network Connections

    Setting up AWS Glue jobs with Glue Connections that can reach VPC-internal resources can be a challenge, especially if you need to access both RDS datastores and other non-RDS resources. In this blog post we explore some of the challenges we faced when dealing with this recently, and how to work around the limitations.
    Oliver Hookins’s avatar
    Oliver HookinsPrincipal DevOps EngineerSydney, Australia

  • Terraform Secrets and the AWS Parameter Store

    It's good practice to have your infrastructure defined in code via tools like Terraform, but what do you do with the secrets?
    Zara Kay’s avatar
    Zara KaySoftware Engineering ManagerSydney, Australia

Our story

We exist to protect and secure businesses in the digitally connected world

Traditionally, organizations seeking to improve their security posture engage a a single service provider for services like pen testing, source code analysis, and attack surface mapping.

This process is slow, heavy, and expensive — and you often have no guarantee you’re going to get good results or just glossy PDF reports.

join the hunt

We deliver a radical cybersecurity advantage

The Bugcrowd Platform connects a skilled security researchers and companies both small and large.

Our customers (who are often but not always tech companies) create a program, define the scope, set reward bounties and open the doors to the crowd of security researchers. Often the first severe bugs are found within hours — a dramatic speed and time advantage over slower, traditional testing or auditing.

office front

We believe in a world where no one is blindsided by cyber attacks

The Bugcrowd Platform offers customers a fine degree of control over their programs.

Customers specify which technologies are desirable in researcher skillsets — eg. Android or iOS — which might be critical if the product is not a website, but a mobile app, hardware device or even a modern car.

They also control program access and visibility, eg. private and by invite, or accessible only to specific sets of researchers.

bugcrowd coin

We power proactive security postures

Aside from our Platform’s unique features, Bugcrowd differentiates itself further from other platform providers by only offering managed programs.

Bugcrowd’s in-house SecOps team triages and evaluates every submission to ensure our customers only receive a high-quality feed of program submissions without the noise. We also have a dedicated Pen Testing team which offer a variety of services that go extend beyond classic pen testing.

leather couch
Simple is strong

Simple is strong

Approach every task with the goal of finding the simplest, strongest solution possible. Doing so helps us deliver resilient, robust, and efficient results.

Build it like you own it

Build it like you own it

Working at Bugcrowd isn’t just about trading your time — it’s about making meaningful change. No matter what you’re working on, always take ownership of and pride in your projects.

Respect is key

Respect is key

Everyone deserves to be treated with respect. Whether you’re working with an ethical hacker or a team member, always communicate in a manner that is both compassionate and respectful.

Think like a hacker

Think like a hacker

If it ain’t broke… well, take it apart anyway and make it even better! Never settle for “good enough,” and use whatever resources you have at your disposal to achieve your goals.

Don’t be valuable; create value

Don’t be valuable; create value

It’s not enough to simply “be valuable.” Instead, proactively create value for our stakeholders by solving their most urgent challenges in innovative, impactful ways.

Happy customers

Happy customers

Bringing delight to our customers and other stakeholders really matters to us. Always focus on offering them the best possible experience, throughout the platform and in day-to-day interactions with them.

360-degree accountability

360-degree accountability

In our fast-paced environment, every team member counts. Take responsibility for your own tasks, but be on the lookout for ways to ensure that things are getting done. Be ready to pitch in when they aren’t.