Bugcrowd's bOunty Program: Case Study

Results and Lessons from Running Our Own Public and Private Bounty Programs


As a bug bounty company, our goal is to provide the best platform and service to provide our clients with high quality application security testing from our highly skilled and diverse crowd of security researchers. A big part of achieving that goal is running our own program, which is why we’ve run various bug bounty programs on our own website and product in the past three years. We’ve learned a lot, built a lot, and iterated a lot, and now want to share our results and lessons with our fellow security professionals and researchers.

In this report, you’ll learn about…

  • The evolution of our bug bounty programs
  • Data and trends we’ve seen in submissions on our website and platform
  • Processes we’ve implemented within our engineering team to encourage security feedback
  • How security feedback gained from our programs has helped our product team build a better platform


More Resources