Bugcrowd and HackerOne both launched in 2012 and both companies are vying in the growing bug bounty market to pay a network of white hat hackers to bang on client software to find vulnerabilities. Today, Bugcrowd announced a $26 million Series C jolt led by Triangle Peak Partners.
Bugcrowd is built on the premise that it’s better to offer a cash reward to a group of people vying to find glitches in a preemptive fashion than to let the software get out in the world with an unknown opening for hackers to exploit. As we have learned, if there is a fissure, hackers are amazingly creative at finding it.
With just about every company building software these days, and with the advent of rapid development techniques, it becomes harder for developers to take the time to find those openings. Even if they did, it’s often better to have other people, particularly those with a unique skill set, looking at the software for vulnerabilities. The money reward and natural competitiveness to find the glitches become extra motivating. Since its inception, the company has run over 700 programs, paying out over $12 million in bounties. By way of comparison, Google’s bug bounty programs paid out almost $3 million last year and have paid out an equal sum since starting in 2010.
That approach is good as far as it goes, but CTO and company founder Casey Ellis says they want to take that a step further. They want to use the new investment to build on the data they have collected over the last six years to bring automation to bear on the problem. That data is a treasure trove of valuable information, and when you apply machine learning, you can begin to automate some of the bug search. It won’t altogether replace humans in the bug hunt simply because there are new vulnerabilities all the time, and you need humans to keep digging for them, but Ellis believes if you are able to blend the ingenuity of human glitch hunters with intelligent algorithms, it will make for a more complete process.
Certainly investor Dain DeGroff, co-founding partner and chairperson at Triangle Peak Partners, who will join the Bugcrowd board as part of the deal, believes in the company’s methodology. “Every digital business today should take advantage of bug bounty programs, especially given the increased sophistication of cyberattacks and the proven effectiveness and power of the Crowd in identifying these threats before they cause damage,” he said in a statement.
The company has attracted more than 400 customers to the service, including Netgear, Pinterest, Mastercard and Atlassian, as well as various government agencies throughout the world.
Existing investors Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Stanford also participated in the round, which closed last month. Today’s investment brings the total raised to more than $48 million, according to data on Crunchbase.