Key Takeaways from Instructure's Successful Bug Bounty Program

Instructure is the company behind Canvas, an innovative Learning Management System, and has been conducting annual open security audits for the last 4 years. The company releases the results of their pen tests publicly, and in 2014, findings showed that they had received 8x the bugs with Bugcrowd’s crowdsourced penetration tests.

Wade Billings, the Head of Security at Instructure and Jonathan Cran, the VP of Operations at Bugcrowd, host a conversation around current pen test audit practices and how to improve upon results by considering a new forms of security technology, such as crowdsourced pen tests.

Key Takeaways:

  • Got more out of their pen test budget with better results.
  • Decreased the friction between dev and security teams with fully validated results.
  • Fixed all valid issues, and has upped its continuous security testing by running a private bug bounty program.

View the slides.


More Resources