Products: Bug Bounty Program
Industry: Technology
Solution: Twilio started with a private bug bounty program and moved to a public bug bounty program.
Outcomes
- Crowdsourced testing has improved upon their existing Product Security initiatives, finding additional unknown and high-value vulnerabilities and delivering an incredible return on investment.
- The additional layer of triage and validation provided by Bugcrowd has allowed them to increase their vulnerability-finding capabilities while freeing up resources and allowing their security team to focus on other areas of the business.
Improving Product Security with the Crowd
Twilio, the cloud communications company out of San Francisco, CA, is an early adopter and innovator in the cybersecurity domain. Although they have consistently prioritized Product Security, they wanted to concentrate their efforts on the areas of greatest risk. To help augment their internal and external testing efforts, they turned to the crowd to start uncovering more vulnerabilities and learn from those findings.
Crawl, Walk, Run Approach
Not only have they leveraged the global crowd of independent security researchers through Bugcrowd for over two years, but they have utilized the model in a variety of ways and have benefited from their consistent engagement.
Working Closely With The Crowd
Through their private and public bug bounty program, they have strengthened their relationship with the researcher community and received steady contributions from many top researchers. This collaboration has been successful, as shown by the depth and breadth of their results and strong engagement across the researcher community.
This is one of the most important aspects of their bounty program, and their commitment to maintaining a healthy relationship with researchers has been noticed. At left, two top contributors explain why they appreciate the Twilio program.
By adding the power of the talented researcher community to our Product Security program, we’ve learned a lot about how people outside the company think about our products, additional scenarios where products can be at risk and what else we could do to protect our products. We’ve used this information to put a sharper focus on the areas of greatest risk, which has been invaluable to us as we scale.
Key Learnings
In addition to receiving high-quality results through their bug bounty program, Twilio has learned a lot from working with the security researcher community.
With Bugcrowd’s support, their bounty program has helped them meet their overall Product Security needs and goals:
- Crowdsourced testing has improved upon their existing Product Security initiatives, finding additional unknown and high-value vulnerabilities and delivering an incredible return on investment.
- The additional layer of triage and validation provided by Bugcrowd has allowed them to increase their vulnerability-finding capabilities while freeing up resources and allowing their security team to focus on other areas of the business.
Their success is indicative of their commitment to Product Security, and they will continue to evolve and maintain their bug bounty program.