Bugcrowd and HackerOne both launched in 2012 and both companies are competing in the growing bug bounty market to pay a network of white hat hackers to bang on client software to find vulnerabilities. Today, Bugcrowd announced a $26 million Series C jolt led by Triangle Peak Partners.
Bugcrowd is built on the premise that it’s better to dangle a cash reward in front of a group of people competing to find bugs in a preemptive fashion than to let the software go out in the world with an unknown opening for hackers to exploit. As we have learned, if there is a crack, hackers are amazingly creative at finding it.
With just about every company building software these days, and with the advent of rapid development techniques, it becomes harder for developers to take the time to find those openings. Even if they did, it’s often better to have other people, particularly those with a unique skill set, looking at the software for vulnerabilities. The cash reward and natural competitiveness to find the bugs become extra motivation. Since its inception, the company has run over 700 programs, paying out over $12 million in bounties. As a means of comparison, Google’s bug bounty programs paid out almost $3 million last year and have paid out an equal amount since starting in 2010.
That approach is good as far as it goes, but CTO and company founder Casey Ellis says they want to take that a step further. They want to use the new investment to build on the data they have collected over the last 6 years to bring automation to bear on the problem. That data is a treasure trove of valuable information, and when you apply machine learning, you can begin to automate some of the bug search. It won’t completely replace humans in the bug hunt simply because there are new vulnerabilities all the time, and you need humans to keep digging for them, but Ellis believes if you can combine the creativity of human bug hunters with intelligent algorithms, it will make for a more complete process.
Certainly investor Dain DeGroff, co-founding partner and president at Triangle Peak Partners, who will join the Bugcrowd board as part of the deal, believes in the company’s methodology. “Every digital business today should take advantage of bug bounty programs, especially given the increased sophistication of cyberattacks and the proven effectiveness and power of the Crowd in identifying these threats before they cause damage,” he said in a statement.
The company has attracted more than 400 customers to the service, including Netgear, Pinterest, Mastercard and Atlassian, as well as various government agencies throughout the world.
Existing investors Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Stanford also participated in the round, which closed last month. Today’s investment brings the total raised to more than $48 million, according to data on Crunchbase.