This article can be found in Inside the Platform: Bugcrowd’s Vulnerability Report. Read the whole report for insights into what millions of vulnerabilities tell us about the year to come.
Rapyd is a cutting-edge fintech leader focused on helping businesses create great commerce experiences anywhere. It had been using crowdsourced security for years, but about a year ago, it made the switch to Bugcrowd with the goal of launching a public program, which it did six months later.
Rapyd has experienced outstanding results so far, uncovering almost 40 unique and valid vulnerabilities—15 of which were critical. We spoke to Achiad Avivi, who is responsible for application security at Rapyd, for his advice on how to successfully take a bug bounty program public.
Tip 1: Find the right hackers for your program and engage with the community.
While your program is still private, focus on finding specialized hackers for engagements so you have the right fit. When you pick the right hackers for specific programs, researchers remain engaged, which sets up a future public program for success. Be sure to respond quickly to hackers and engage with them to build positive relationships and a good reputation.
Tip 2: Build confidence in your security posture across the organization.
Be sure you have the right roadmap in place before launching a public program. We worked with Bugcrowd to build this. Our entire team participates in the strategy and operations of our program. We’ve integrated the platform with numerous DevSec tools for tracking program findings and routing to the appropriate stakeholders. By preparing our process in advance, we felt confident in going public.
Tip 3: Leverage unparalleled expertise from the Bugcrowd team.
Launching a public program is a journey, not a destination. We haven’t stopped looking for ways to continuously improve our program, and we work very closely with the Bugcrowd team via email, meetings, and Slack for advice on how best to do this. I encourage you to take similar advantage of these channels.
“We quickly felt safe to take our program public with Bugcrowd. We value the way Bugcrowd finds the right hackers with the right expertise for our programs.” – Achiad Avivi, application security, Rapyd
Learn more about Rapyd’s journey with crowdsourced security.