Recent blogs
- Polling is fine but does every tab need to poll? Electing leader tab and Broadcasting messages across tabs.
- The size of the supply chain problem and what we do at Bugcrowd to address it
- Learn how to create an input with debounced on change event handler
- A look at one concrete example of some inter-related cloud costs, and where the pitfalls can lie when optimising them.
- Migrating a Rails application from webpacker to js-bundling-rails with esbuild
- Setting up AWS Glue jobs with Glue Connections that can reach VPC-internal resources can be a challenge, especially if you need to access both RDS datastores and other non-RDS resources. In this blog post we explore some of the challenges we faced when dealing with this recently, and how to work around the limitations.
- It's good practice to have your infrastructure defined in code via tools like Terraform, but what do you do with the secrets?
Our story
We exist to protect and secure businesses in the digitally connected world
Traditionally, organizations seeking to improve their security posture engage a single service provider for services like pen testing, source code analysis, and attack surface mapping.
This process is slow, heavy, and expensive — and you often have no guarantee that you'll get good results rather than just glossy PDF reports.
We deliver a radical cybersecurity advantage
The Bugcrowd Platform connects skilled security researchers with companies both small and large.
Our customers (who are often but not always tech companies) create a program, define the scope, set reward bounties and open the doors to the crowd of security researchers. Often the first severe bugs are found within hours — a dramatic speed and time advantage over slower, traditional testing or auditing.
We believe in a world where no one is blindsided by cyber attacks
The Bugcrowd Platform offers customers a fine degree of control over their programs.
Customers specify which technologies are desirable in researcher skillsets — e.g. Android or iOS — which might be critical if the product is not a website, but a mobile app, hardware device or even a modern car.
They also control program access and visibility, e.g. private and by invite, or accessible only to specific sets of researchers.
We power proactive security postures
Aside from our Platform’s unique features, Bugcrowd differentiates itself further from other platform providers by only offering managed programs.
Bugcrowd’s in-house SecOps team triages and evaluates every submission to ensure our customers only receive a high-quality feed of program submissions without the noise. We also have a dedicated Pen Testing team which offers a variety of services that extend beyond classic pen testing.
Simple is strong
Approach every task with the goal of finding the simplest, strongest solution possible. Doing so helps us deliver resilient, robust, and efficient results.
Build it like you own it
Working at Bugcrowd isn’t just about trading your time — it’s about making meaningful change. No matter what you’re working on, always take ownership of and pride in your projects.
Respect is key
Everyone deserves to be treated with respect. Whether you’re working with an ethical hacker or a team member, always communicate in a manner that is both compassionate and respectful.
Think like a hacker
If it ain’t broke… well, take it apart anyway and make it even better! Never settle for “good enough,” and use whatever resources you have at your disposal to achieve your goals.
Don’t be valuable; create value
It’s not enough to simply “be valuable.” Instead, proactively create value for our stakeholders by solving their most urgent challenges in innovative, impactful ways.
Happy customers
Bringing delight to our customers and other stakeholders really matters to us. Always focus on offering them the best possible experience, throughout the platform and in day-to-day interactions with them.
360-degree accountability
In our fast-paced environment, every team member counts. Take responsibility for your own tasks, but be on the lookout for ways to ensure that things are getting done. Be ready to pitch in when they aren’t.