Bugcrowd Reviews

I work with Bugcrowd mostly as a crowdsourcing security platform. I use Bugcrowd by putting a brief on Bugcrowd's website, and then their community of security researchers hunt for vulnerabilities in our website. They triage those vulnerabilities and pass them on to us.

The most valuable features or capabilities of Bugcrowd that I have found is the triage process. Triage has helped me manage vulnerabilities as they apply their security skills to ensure that vulnerabilities are valid.

Bugcrowd's use of crowdsourced hackers has helped in discovering unique vulnerabilities. They've found more than 20 vulnerabilities, including at least one critical vulnerability, so it has worked really well.

Bugcrowd's vulnerability disclosure programs have improved my organization's security posture as it is a much more efficient version of penetration testing. It is the main way in which we discover vulnerabilities that have entered the wild without us realizing.

From using Bugcrowd so far, I have seen positive impacts and benefits as we can then fix those vulnerabilities and make our website more secure.

Bugcrowd could be improved or enhanced as they seem to have a lot of internal churn at the moment, so they could be more stable and more customer-focused. By customer-focused, I mean they are not very good at communicating what is changing on their side to their customers. I am now on my fourth account manager within one year. My latest call with them was with the fourth account manager saying there have been many changes and apologizing that no one I have spoken to in the past is on this call, but going forwards it will be them. With the fourth account manager in a year, it is hard to trust that message.

I have been working with Bugcrowd for not far off a year.

Bugcrowd has been scalable so far and it has been fine. The scalability does not matter to us.

I often communicate with the technical support and I do often raise tickets. I would rate their support in terms of professionalism and how helpful they are as an eight.

Positive

Before Bugcrowd, I did use a different solution for the same use cases as we did it in-house.

I participated in the initial setup of Bugcrowd, and it was reasonably straightforward. It is quite a complicated thing that we were trying to put into place, so there was quite a lot to it, but it was as simple as it could have been.

Bugcrowd's analytics do not affect my organization's prioritization and mitigation process, as that was our goal before installing Bugcrowd. We were running our own in-house bug bounty program before we got in touch with Bugcrowd, so this is not a new environment to us. What they have added in is more security skills in terms of their triage process, and they manage the relationship with the security researchers, so those were the two things we were looking for and that is what they have delivered.

The impact of Bugcrowd's detailed reports and analytics on my risk management overall is not significant because we were doing it all before anyway, and that was not our objective.

I think the pricing and licensing of Bugcrowd are expensive, but we do get good value from it, as we find vulnerabilities that we would otherwise be unaware of.

Before choosing Bugcrowd, I did evaluate other options and vendors, including HackerOne, as their triage looked better.

One of the most difficult things to use was trying to get the integration with our Jira working properly. I would rate this product an eight overall.

Public Cloud

I use Bugcrowd for reporting security vulnerabilities on different websites. Bugcrowd acts as a middleman between ethical hackers and websites. I report vulnerabilities and Bugcrowd ensures they are communicated to the relevant website, such as Facebook or Twitter, and pays me a reward if the reported vulnerability is valid.

The most valuable aspect of Bugcrowd is that it provides a long list of different websites or web applications where I can report vulnerabilities. Bugcrowd ensures that if vulnerabilities are reported through their platform, payment is guaranteed. 

Additionally, the platform aids in transferring money directly into my bank account, making the entire process smooth. Working on Bugcrowd has made me a better security engineer since it provides a competitive environment to report successful vulnerabilities.

The triaging process has slowed down compared to three years ago. It now takes more time to resolve a reported vulnerability and receive the payout. 

Also, the platform can be challenging for new users who might find it difficult to get invitations to private programs.

I started using Bugcrowd in 2020, so it's been over four years.

Bugcrowd is very stable. I have never experienced any outages or stability problems.

There is another platform called HackerOne which is a competitor. HackerOne is bigger and better in terms of scalability as they have more programs and clients. Bugcrowd is also significant, however, it could improve in this area.

Currently, I would rate Bugcrowd's customer service and support as a seven out of ten. They need to be quicker in responding to tickets.

Neutral

Before Bugcrowd, I did not use a different solution. I started using Bugcrowd and HackerOne simultaneously.

The initial setup is very straightforward, and I would rate it a ten out of ten.

There was no investment from my side, so the return in terms of money is all positive. I receive rewards as bounties, which is excellent.

From the perspective of security researchers like myself, Bugcrowd is very inexpensive. It's almost free for me, as there are no fees or commissions. However, I am not familiar with what they charge websites.

I have also worked a bit on a platform called Integrity, however, it's not as big as Bugcrowd.

Working on Bugcrowd can improve one's skills as a security engineer due to its competitive nature. 

Overall, I would rate Bugcrowd an eight out of ten.

I am a developer working in cybersecurity, and I use Bugcrowd to help companies remove vulnerabilities from their websites. I report vulnerabilities found in applications or customer platforms through Bugcrowd's cloud platform. This allows the cloud team to track submissions, and then the client provides feedback.

One of the features I like most about Bugcrowd is the ability to create a report in a very easy way. I can drag and drop images and write reports using markdown, which makes report submission and creation very efficient. Bugcrowd serves as a platform for finding cybersecurity vulnerabilities.

There is room for improvement in Bugcrowd's response time when customer input is needed for resolving tickets. If this time could be minimized, it would be very helpful.

I have been using Bugcrowd for the past four years.

I encountered some minor issues such as broken links in engagements, but these were resolved quickly after raising a ticket. Overall, Bugcrowd has minor stability issues.

The scalability of Bugcrowd is pretty easy according to me.

Bugcrowd's support team is very active and supportive. However, there are delays when tickets require customer response.

Positive

The initial setup is easy. You create an account using your email and password, add your bank account, and wait for verification from the Bugcrowd team. Once verified, you can accept payments.

Currently, Bugcrowd is free. Public engagements can be viewed by anyone, while private ones require invites from Bugcrowd.

I would rate Bugcrowd an eight out of ten. 

I recommend it to others who are good in the cybersecurity domain. For newcomers, I advise having a depth of knowledge in cybersecurity to effectively help companies through Bugcrowd.

On-premises

As a security researcher, I log in to Bugcrowd, look for a program, choose it, and then start security auditing it. If I find vulnerabilities, I write a report to them. The customer evaluates my report, and if it is valid, they reward me with a bounty.

Bugcrowd has programs that disclose rewards and invite researchers to new programs. There is a pen test feature for top hackers on the platform, and they have a new feature called Collections, which provides multiple programs in one collection. This collection feature is beneficial for targeting specific companies like Cisco, allowing easy identification of targets.

Bugcrowd should provide more access to the reports, similar to HackerOne, allowing for full disclosure once a bug is resolved, so researchers can learn from them. They should improve the responsibility type and response time of their customer support, especially when the issue is urgent.

I have been working for Bugcrowd as a researcher for three years.

I believe Bugcrowd is highly stable. I rate the stability as ten out of ten. There's high availability. I have not experienced any issues.

I think Bugcrowd's scalability could be improved by adding more programs, unlike HackerOne where I have access to a significantly higher number of programs.

The availability of the support team can be improved. Sometimes, they take one to seven days to reply, especially in case of report mediation.

Neutral

Setting up Bugcrowd is very easy. I would initially rate it as ten out of ten, however, with the consideration of having to fill out a tax form for receiving bounties, I rate it eight.

For researchers, the pricing and bounty table scale are good. However, I don't have information about customer pricing.

I work for HackerOne as well.

I rate Bugcrowd eight out of ten. 

For new users evaluating Bugcrowd, the platform has good programs where you can earn money. Work hard and engage with Bugcrowd.

Public Cloud

Other

I use Bugcrowd for finding bugs and vulnerabilities. I have been using it for two years. Besides Bugcrowd, I also use HackerOne to find multiple boundaries and vulnerabilities.

The highest bounty is what I like best about Bugcrowd. I also appreciate the hall of fame and stickers feature, which I find great. Bugcrowd is a very helpful platform overall. It is easy to use, and I appreciate the platform for the boundaries and hall of fame it offers.

The tool itself could be improved. I hope to improve next time and perform better.

I have been using Bugcrowd for two years.

The deployment requires experience and knowledge, which I have due to my college study.

I have never had any problems with the stability while using Bugcrowd. I use it to find errors and vulnerabilities and receive rewards. It is very helpful and stable.

I contacted Bugcrowd's support team and did not have any problems with them. The support is quite good.

Positive

I also use HackerOne for three years.

The initial setup of Bugcrowd is easy.

I understand the pricing, and it involves rewards of at least one thousand dollars.

Using Bugcrowd is very helpful, and I recommend it to others, including my friends who also use it. I advise using the boundaries and looking into the hall of fame as it is very beneficial. I would rate Bugcrowd a ten out of ten.