Today, Bugcrowd announced a $6M Series A financing, led by Costanoa Venture Capital, with participation from existing investor Rally Ventures. As part of our investment, I have also joined Bugcrowd’s board of directors.
I wrote about our interest in security in October. In the short time since then, a number of large-scale breaches have occurred, including the famous ‘Sony Hack’ and a massive online bank robbery. The problem continues to get worse, and companies are scrambling to protect themselves with the latest and greatest security technologies. This problem has produced several notable startup successes including Palo Alto Networks, Splunk, and FireEye. However, despite their increased vigilance and spending on technology, there is one problem that chief information security officers (CISOs) can’t buy their way out of: talent. There are more than 200,000 unfilled cybersecurity jobs and open job postings have increased by 74% over the past five years.
Pioneered by Netscape, and refined by large web companies like Google and Facebook, bug bounty programs have emerged as a way for security teams to leverage talent outside of their companies, and continue to gain mainstream adoption. By offering financial rewards to security researchers who discover vulnerabilities in their systems, organizations are able to harness the power of crowdsourcing to have more security experts, working on their behalf, exactly when they’re needed. While these programs have been in existence amongst large web companies for some time, running such a program has been very difficult for “the other 99%” of companies until very recently. Bug bounty programs not only require a unique software platform, but also the resources and expertise to review and process the high volume of submissions that a well-run program will generate.
This is why Costanoa is absolutely thrilled to be partnering with Casey, Chris, and the rest of Bugcrowd team. Already counting Pinterest, Blackphone, Western Union and Aruba Networks among its customers, Bugcrowd gives companies of any size the ability to run bug bounty programs, and access to their globally distributed team of 15,000+ researchers. They have built a unique, end-to-end platform offering a turnkey solution for running and managing bug bounty programs, while also curating a diverse community of security researchers that are intelligently matched with companies based on their specific expertise.
We are very excited about the profound impact that Bugcrowd is having on the security industry, and look forward to building a great company together. If your company is interested in getting started with a bug bounty program, learn more and get started here.
For more information, read the press release here.