Bugcrowd snaps up $102M for a ‘bug bounty’ safety platform that faucets 500K+ hackers

Bugcrowd — the startup that faucets right into a database of half 1,000,000 hackers to assist organizations like OpenAI and the U.S. government arrange and run bug bounty packages, money rewards to freelancers who can determine bugs and vulnerabilities of their code — has picked up a giant money award of its personal to develop its enterprise additional: an fairness spherical of $102 million.

Normal Catalyst is main the funding, with earlier backers Rally Ventures and Costanoa Ventures additionally collaborating.

Bugcrowd has raised over $180 million up to now, and whereas valuation isn’t being disclosed, CEO Dave Gerry mentioned in an interview it’s “significantly up” on its final spherical again in 2020, a $30 million Series D. As some extent of comparability, one of many startup’s larger rivals, HackerOne, was final valued at $829 million in 2022, based on PitchBook knowledge.

The plan can be to make use of the funding to develop operations within the U.S. and past, together with probably M&A, and to construct extra performance into its platform, which — along with bug bounty packages — additionally provides companies together with penetration testing and assault floor administration, in addition to coaching to hackers to extend their skiilsets.

That performance is each of a technical but in addition human nature.

Gerry jokingly describes Bugcrowd’s premise as “a dating service for people who break computers” however in additional formal phrases, it’s constructed round a two-sided safety market: Bugcrowd crowdsources coders, who apply to hitch the platform by demonstrating their abilities. The coders could be hackers who solely work on freelance tasks, or individuals who work elsewhere and choose up additional freelance work of their spare time. Bugcrowd then matches these coders up, based mostly on these explicit abilities, with bounty packages which can be within the works amongst shoppers. These shoppers, in the meantime, vary from different know-how firms by means of to any enterprise or group whose operations depend on tech to work.

In doing all this, Bugcrowd has been tapping into a few vital tendencies within the know-how business.

Organizations proceed to construct extra know-how to function, and meaning extra apps, extra automations, extra integrations and way more knowledge is transferring round from clouds to on-premises servers, from inner customers out to clients, and extra. All of meaning extra alternatives for errors, or bugs, within the code — locations the place an integration could create a safety vulnerability, for instance; or just lead to a bit of coding not working because it ought to — and a larger want for complete work to determine these gaps.

Current years have seen a profusion of recent safety instruments, powered by AI, that goal to determine and remediate these gaps in a extra complete and automatic manner. However that also has not changed the position of human hackers. These hackers would possibly work in a extra guide manner, or they may use automation instruments to assist them of their bug-hunting efforts, however will nonetheless have a crucial position to play in how that tech could be directed. As pc science continues to see an increase in recognition as a self-discipline, that’s produced a wider variety of good and technical folks on the planet who wish to rise to that problem, if not for the mental pursuit for the monetary one. Probably the most profitable bug bounty hunters could make millions of dollars.

Gerry mentioned that the startup’s been rising at over 40% yearly and is approaching $100 million in annual revenues.

The startup is now primarily headquartered out of San Francisco, after being initially based in Australia by Casey Ellis, Chris Raethke and Sergei Belokamen (Ellis remains to be with the corporate as chief technique officer. It now has “well over” 500,000 hackers and is including round 50,000 hackers yearly to that quantity, Gerry mentioned, and now has some 1,000 clients after including 200 shoppers within the final 12 months.

“Costanoa has watched Bugcrowd grow from an innovative concept for early adopters to being a force multiplier for Fortune 500 companies today,” mentioned Jim Wilson, Accomplice at Costanoa Ventures, in a press release. “Bugcrowd’s leadership team brings together seasoned experts with a deep understanding of cybersecurity trends and a proven ability to navigate the complexities of the industry. This next stage of growth under Dave’s leadership will allow them to expand their product offerings to help security executives get even more value from the crowd. We are excited to continue our partnership with the team to capture the significant opportunities ahead.”