sleed Posted April 27, 2016 Report Posted April 27, 2016 IDEO: Casey Ellis, founder and CEO of Bugcrowd, discusses why he built his company and where the bug-bounty model is headed in the future. Security vendor Bugcrowd today announced that it has closed a new $15 million Series B funding round, bringing total financing to date for the company up to $24 million. The new funding round is led by Blackbird Ventures and includes the participation of Costanoa Venture Capital, Industry Ventures, Paladin Capital Group, Rally Ventures and Salesforce Ventures. Bugcrowd provides private and public bug-bounty programs for companies. With a bug-bounty program, security researchers are rewarded for responsibly and privately reporting security flaws in software. The overall goal is to help improve software quality, by enabling organizations to benefit from a large community, or "crowd" of researchers that are part of Bugcrowd's program. Leading Bugcrowd's efforts is the company's founder and CEO Casey Ellis. In a video interview with eWEEK, Ellis details why he started the company and how he is seeing the market for bug-bounty programs mature. Several organizations today offer bug-bounty programs that compete with Bugcrowd, including HackerOne and Synack. Ellis noted that there is enough of a market for multiple entrants. The fact that multiple firms provide bug bounties has raised awareness of them and is good for the market overall, Ellis said. "When I started the company in 2013, I spent most of my time explaining what a bug bounty was to people," Ellis said. "I don't have to do that anymore." Another thing that has changed over the last three years for Ellis and Bugcrowd is the underlying infrastructure for working with both security researchers and with organizations like Tesla, which is one of Bugcrowd's clients. Ellis noted that when he started the company, the technology he used was very basic, and he made use of things like the online Wufoo service for forms. Now the Bugcrowd platform is significantly more advanced, which helps researchers and Bugcrowd's clients find, report and issue rewards for flaws. "How we do things today is we prove a concept manually first, apply human intelligence to the problem set and then take the repeatable learnings and codify that," Ellis said. Video & Source: Source Quote
