Demand for Bugcrowd crowdsourced penetration testing for compliance accelerates during pandemic


Demand from major European businesses for continuous security testing has boomed since the start of the Covid-19 pandemic, Bugcrowd said today. Amid lockdowns across the continent, the world’s top crowdsourced cybersecurity company recorded nearly 100 percent growth in EMEA sales during the second fiscal quarter of the year with similar growth in interest and enquiries from major companies.

Since March, companies across Europe have been working to maintain some semblance of ‘business as usual’, despite the added complexity of entire workforces working remotely. But, says Bugcrowd, the real drivers behind the dramatic increase this year in demand for crowdsourced security are the powerful combination of stringent rules around compliance with a rapidly growing realization that traditional approaches to penetration testing are inadequate or simply don’t work in an increasingly agile development world. Together, these factors make harnessing the power of the crowd all-but-mandatory for many organizations.

Bugcrowd attributes its rapid growth to the company’s unique remote-first model, which facilitates critical security services during shelter-in-place orders that hamper traditional pen testing firms. This model, accelerated by Bugcrowd’s platform technology, also helps expedite launch and delivery timelines to meet the growing demands of increasingly agile businesses. Using an extensive database on the skills, experience, and performance of thousands of globally available pen testers, Bugcrowd can deploy the right team in under 72 hours, with results viewable in-platform immediately.

Bugcrowd’s explanation for the growth in demand is confirmed by new customer Revolut, the UK-based fintech now valued at $5.5bn:

Revolut relies on Bugcrowd to deliver both crowdsourced penetration testing to meet compliance objectives and a managed bug bounty program to test its regularly-updated mobile apps. Philip Edwards, Global Head of Security at Revolut, said: “By design and intent, Revolut is an agile, digital business which depends absolutely on the quality of our digital services – services which are highly regulated, subject to scrutiny and must comply with numerous rules and regulations. We could not pen-test adequately using traditional means even if we wanted to. Instead, adopting a crowdsourced approach to security and bugs with Bugcrowd exemplifies our agile, be-the-best approach: we can dynamically tailor programs according to our needs, and on an ongoing basis we enjoy the continuously self-updated skills of many of the world’s finest security researchers.”

Ashish Gupta – CEO and President of Bugcrowd – explained: “It’s clear that we’ve reached a tipping point. Organizations know that the combination of ‘agile’ and ‘compliance’ result in complexity that mandates a new approach to testing. But those same organizations have found that it’s neither possible nor ideal to recruit their own team of testers; the skillsets are scarce and therefore expensive, while in-house staff can become overly focused on what they know rather than what they don’t know. So, they are turning to Bugcrowd’s global network of on-demand, highly specialized cybersecurity experts.”

“The upshot of crowdsourced security powered by Bugcrowd’s intelligent platform is better testing and better outcomes at better value,” added Gupta. “Plus, there are opportunities for our remarkable community of security researchers to earn rewards and continuously develop and hone their skills across an array of apps, environments and organizations. That feeds back into even better testing and outcomes for our customers… everybody wins.”

Bugcrowd recently released its 2020 “Inside the Mind of a Hacker” report, which incorporates data from 1,549 programs and 7.7 million platform interactions to provide a striking, in-depth view of emerging trends among Bug Bounty, Penetration Testing, Attack Surface Management, and Vulnerability Disclosure Programs. The report analyzes 3,493 survey responses from working hackers, plus hacking activity on the Bugcrowd platform between May 1, 2019, and April 30, 2020, to highlight insights from its vast on-demand cybersecurity workforce.