The expansion of the bug-bounty industry continues as Bugcrowd announced Thursday that it is bringing in $26 million in its latest round of venture capital funding.
The San Francisco-based company has seen consistent growth since its inception in 2012. It says that in the last quarter alone, it grew its base of commercial and Fortune 500 customers, opened new offices in London and Sydney and added to its leadership team.
Bugcrowd has now raised about $50 million in venture capital funding. The Series C funding was led by Triangle Peak Partners, a venture capital firm that focuses on software and security. Triangle Peak’s president and co-founder, Dain DeGroff, will also be joining Bugcrowd’s board of directors.
“Bugcrowd has built a successful business model addressing a growing and critical need,” DeGroff said in a press release. “Their deep relationships with the researcher community and expertise managing crowdsourced programs make Bugcrowd a strategic asset to the enterprise.”
The bug bounty model overall has seen rapid adoption in recent years, with companies like Bugcrowd, HackerOne and Synack leading the charge. Companies, government agencies and other entities use such platforms to run contests that allow freelance cybersecurity researchers to find new bugs on their networks and report them for cash prizes.
Casey Ellis, Bugcrowd’s founder and CTO, says the growth marks a shift in attitude about the value of hacking.
“What we have is a set of activities that historically has been mistrusted by people on the defensive side,” Ellis told CyberScoop. “Now we’re starting to learn that they can be helpful and indeed that we actually need them. There’s this entire about face that’s happening from a legislative standpoint, corporately, and in terms of just how people think.”
Big names in Bugcrowd’s portfolio include Tesla, Atlassian, Fitbit, Square, Mastercard and others.
CEO Ashish Gupta said the crowdsourcing model is necessary because the battle between malicious hackers and companies wanting to protect their data is tilted toward the former.
“Ballooning attack surface combined with the asymmetric battle between cyber-defenders and attackers is necessitating businesses to rethink their security strategies to level the cybersecurity playing field,” Gupta said in the press release. “The dearth of cybersecurity defenders within organizations and the shortcomings of status quo security approaches is increasingly being addressed by crowdsourced security testing as it cost effectively brings the creativity of the crowd to outsmart adversaries.”
Check out our video with Bugcrowd CTO Casey Ellis from DC CyberTalks: