As cybercriminals become bolder and more technologically sophisticated, making products as hack-proof as possible can feel overwhelming. Fortunately, developers and manufacturers have access to a worldwide team of experts who think just like the hackers do—because they’re hackers, too.
You could call Bugcrowd cybersecurity’s version of The Avengers. The San Francisco-based company is also No. 10 on Fast Company’s 2019 Most Innovative Companies list in the Security category. With more than 135 employees and a platform that includes hundreds of thousands of vetted and skilled white-hat hackers, the Bugcrowd team relentlessly searches for vulnerabilities in its clients’ products. The first hacker to report a bug gets a “bug bounty”—a fee based on the bug’s severity and business impact. The company then helps clients address those issues and build more secure products.
PLAYING THE INFINITE GAME
CEO Ashish Gupta thinks of cybersecurity as an “infinite game.” Unlike finite games—soccer, basketball, baseball, for example—where the players and rules are known and the goal is to end the game by winning or losing, infinite games are fluid. They include known and unknown players. The rules are constantly changing, he says, and the whole idea is to perpetuate the game. Security is an infinite game, and Bugcrowd is an infinite player.
And while Bugcrowd uses gamification in its business model, the realities are all too serious for clients. Roughly four months before a well-publicized 2017 credit monitoring bureau data breach, Bugcrowd’s hackers found the same vulnerability in a financial services client’s system. They triaged and validated the web server software bug, enabling the customer to avert a potentially disastrous breach by fixing it quickly.
“When you merge creativity with data analytics and a set of people who believe in making the digitally connected world safer, you can accomplish a lot,” Gupta says.
FIGHTING CYBERCRIME PAYS
Hackers who are serious about finding vulnerabilities and fighting bad actors find it can pay off. Some on Bugcrowd’s platform have made millions of dollars in bug bounties. And the platform is open to anyone who has the skills and can also pass the company’s background check and vetting process.
It’s also a great way to start a career, Gupta says. Bugcrowd’s recent “Inside the Mind of a Hacker” report found 81% of survey respondents credit bug hunting for helping them get a job in cybersecurity. And while most bounty hunters are age 18 to 44, there’s an increasing trend toward getting an early start. Once, Gupta received a direct message on Twitter from a high school student who had just bought his parents a car with the money he earned as a researcher.
HACKING FOR GOOD
Bugcrowd is committed to helping these skilled hackers use their powers for good. The company helps ethical hackers develop their skills through Bugcrowd University. Additionally, an ambassador program allows researchers to network and help each other.
“Our founder, Casey Ellis, has done a phenomenal job finding people at a time when they can decide to be like the Avengers, where ‘I have this unique skill, and I need to use it for good,’” Gupta says. “There are a lot of cybersecurity holes in the world, which we need to help patch. We’ve done a really good job of helping our hackers stay on the right side of the battle.” For companies battling cyberadversaries, Bugcrowd’s team members could be the “superheroes” they need.