Bugcrowd adds 'flex' pricing model to bug-bounty programs

Idea is to get security researchers to vie to find unknown vulnerabilities in software.

Bugcrowd, the firm that offers a bug-bounty service program that brings together companies willing to pay to hear about serious software vulnerabilities and the security researchers that can find them, says it's offering a new pricing model.

According to Bugcrowd CEO Casey Ellis, the "flex" pricing model is based on the idea that customers would share code they want researchers to examine for possible vulnerabilities, and researchers who found bugs would share in a percentage of the total reward pool offered.


The "flex" program augments Bugcrowd's other types of bug-research arrangements, such as monthly pricing to use Bugcrowd's platform that brings together thousands of security researchers claiming they've discovered serious security holes that these customers might be willing to pay for. "You pay every time you learn something you don't know," he added.

Ellis says Bugcrowd now has about 10,000 security researchers registered, and there's a system for allocating "points" for findings over time, which shows which researchers are top-ranked in certain ways.

Founded in 2013 and based in Sydney, Australia, Bugcrowd acts as a broker to bring together the security researcher claiming to have discovered something serious with the company that would want to fix the problem in its code right away lest destructive hackers take advantage of it. Ellis says Bugcrowd helps "adjudicate" the process between the researcher and the company involved. Bugcrowd says the process encourages responsible disclosure of security flaws where researchers get paid for their efforts.

Stories by Ellen Messmer
