As cybercriminals become
bolder and more technologically
sophisticated, making products
as hack-proof as possible can
feel overwhelming. Fortunately, devel-
opers and manufacturers have access to
a worldwide team of experts who think
just like the hackers do—because they’re
hackers, too.
You could call Bugcrowd cybersecu-
rity’s version of The Avengers. The San
Francisco-based company is also No.
10 on Fast Company’s 2 019 Most In no -
vative Companies list in the Security
category. With more than 135 employees
and a platform that includes hundreds
of thousands of vetted and skilled
white-hat hackers, the Bugcrowd team
relentlessly searches for vulnerabilities
in its clients’ products. The first hacker
to report a bug gets a “bug bounty”—a
fee based on the bug’s severity and busi-
ness impact. The company then helps
clients address those issues and build
more secure products.PLAYING THE INFINITE GAME
CEO Ashish Gupta thinks of cyberse-
curity as an “infinite game.” Unlike
finite games—soccer, basketball, base-
ball, for example—where the players
and rules are known and the goal is
to end the game by winning or losing,
infinite games are f luid. They include
known and unknown players. The
rules are constantly changing, he says,
and the whole idea is to perpetuate the
game. Security is an infinite game, and
Bugcrowd is an infinite player.
And while Bugcrowd uses gamifica-
tion in its business model, the realities are
all too serious for clients. Roughly four
months before a well-publicized 2017
credit monitoring bureau data breach,
Bugcrowd’s hackers found the same vul-
nerability in a financial services client’s
system. They triaged and validated the
web server software bug, enabling the
customer to avert a potentially disastrous
breach by f i x ing it qu ick ly.“When you merge creativity with data analytics and a set of people who believe in
making the digitally connected world safer, you can accomplish a lot,” Gupta says.FIGHTING CYBERCRIME PAYS
Hackers who are serious about finding vulnerabilities and fighting bad actors find
it ca n pay of f. Some on Bugcrowd’s plat for m have made m illions of dolla rs in bug
bounties. And the platform is open to anyone who has the skills and can also pass
the company’s background check and vetting process.
It’s also a great way to start a career, Gupta says. Bugcrowd’s recent “Inside the
Mind of a Hacker” report found 81% of survey respondents credit bug hunting for
helping them get a job in cybersecurity. And while most bounty hunters are age
18 to 44, there’s an increasing trend toward getting an early start. Once, Gupta
received a direct message on Twitter from a high school student who had just
bought his parents a car with the money he earned as a researcher.HACKING FOR GOOD
Bugcrowd is committed to helping these skilled hackers use their powers for good.
The company helps ethical hackers develop their skills through Bugcrowd Univer-
sity. Additionally, an ambassador program allows researchers to network and help
each other. Innovation, quality, and service have been in Raymond’s DNA since the
beginning and are the pillars of their business.
“Our founder, Casey Ellis, has done a phenomenal job finding people at a time
when they can decide to be like the Avengers, where ‘I have this unique skill, and I
need to use it for good,’” Gupta says. “There are a lot of cybersecurity holes in the
world, which we need to help patch. We've done a really good job of helping our
hackers stay on the right side of the battle.” For companies battling cyberadversar-
ies, Bugcrowd’s team members could be the “superheroes” they need.Hackers to the Rescue
USING THEIR POWERS TO MAKE THE DIGITALLY CONNECTED WORLD SAFER,
THIS CAVALRY OF SKILLED HACKERS MAKES COMPANIES MORE SECURE.CRE ATED BY FASTCO WORKS CONTENT STUDIO AND COMMISSIONED BYBUGCROWD
EMPLOYEES AND
RESEARCHERS
work together
at the 2018
Atlassian Bug
Bash in Sydney,
Australia.