Bugcrowd raises $30M in Series D to expand its bug bounty platform

Bug bounty and vulnerability disclosure platform Bugcrowd has raised $30 million in its Series D funding round.

The San Francisco-headquartered company said the round brings the total amount raised to $80 million since the company was founded in 2011. This latest round was led by Rally Ventures, which previously invested in the startup.

Bugcrowd acts as an intermediary between security researchers who find bugs and security flaws and the companies whose products and services need to be fixed. By mediating from the middle, Bugcrowd ensures that bugs are appropriately triaged, mitigated, and rewarded, and that both sides follow the rules to mitigate potential abuse.

Reputable and mainstream bug bounty platforms are few and far between, but are in high demand. Bugcrowd has scored some major customer wins, including Mastercard, Fitbit and other Fortune 500 companies.

As for the round itself, Bugcrowd CEO Ashish Gupta said the $30 million will help the company ramp up the expansion of its platform, particularly in Europe and Asia.

“The fight against cybercriminals is never-ending and attack surfaces are constantly expanding,” Gupta told TechCrunch. “We’re expanding our offerings, applying the intelligence from our crowd to a variety of different security use cases to help customers find and fix vulnerabilities faster, and continue to scale the platform.”

Gupta said Bugcrowd serves 65 industries in 29 countries. “We want to continue that growth trajectory,” he said.

Even though large swathes of the world have ground to a halt thanks to the coronavirus pandemic, the security world hasn’t shown any signs of slowing. In fact, vulnerability reports during March are up 20%, Gupta said. And Bugcrowd is largely unfazed by the stay-at-home orders, given that its staff are remote-first. “We did temporarily close our five physical worldwide offices but have seen no disruption of services,” he said.

The funding comes at an important time for the company. In the past year, Bugcrowd expanded its relatively new penetration testing offering, a service where companies ask trusted researchers to stress-test their systems to find and shore up holes before an attacker can. That side of the business — less than two years old — grew by 400% year-over-year since its debut, said Gupta.

“Our customers see a ten-times higher number of critical vulnerabilities from our pen test solution compared to other assessments because we bring the right researcher with the right skills to deliver insightful submissions,” said Gupta.