The story of Bugcrowd, from Startmate to San Francisco
Wednesday, September 24, 2014/
There are many more bad people hacking computer systems than good ones helping them not get hacked. Each week it seems that some huge institution reveals that their customer’s financial information has been breached or passwords compromised. There was Target earlier this year and Home Depot in the US more recently and hundreds more that never see the light of media attention.
So what do companies do to get help? Smooth sounding salespeople from trusted large organisations sell the time of security penetration testing consultants at a rate of $2000 per day. The client doesn’t know if they’ll be any good and the cost means they can’t hire as many of them as they would like.
Bugcrowd was setup to change the way this corner of the world works. Casey Ellis and Serg Belokamen had worked together in a small consulting firm selling their services one day at a time before starting Bugcrowd and joining Startmate last year.
The premise of Bugcrowd was to pay for results not hours. Companies like Facebook and Google had pioneered the concept of a bug bounty program where good hackers would responsibly disclose vulnerabilities and the companies would reward them, first with t-shirts and now with serious cash. Bugcrowd would let all the companies in the world who weren’t the size of Facebook and Google run similar bug bounty programs.
The second insight was to help security testers build a reputation. By sitting in the middle of helping security problems get fixed, Bugcrowd could audit and verify if a security consultant was any good or not. The tester could then take that reputation and help win more consulting work, more reliably and not have to work for a big accounting firm. You can see an example here in Pinterest’s bug bounty hall of fame, who use Bugcrowd’s platform to manage their security testing.
What was once a whacky idea is now a common practice, at least in Silicon Valley, and Bugcrowd has grown very quickly. But not without some heartfelt moments. The company decided to relocate to San Francisco to be nearer to its customers and Serg, the original co-founder, had to make the personal decision to stay in Australia and leave the company. Chris Raethke, who was a founder of another company in the same Startmate batch last year that had failed, joined the company as a founder.
The company’s growth though, meant they were able to raise a large multi-million dollar seed round from some great investors like Icon Ventures, Paladin Capital and Square Peg Capital, as well as a bunch of angels.
We filmed an interview with Casey and Chris about their journey so far and the help Startmate gave them in this mini documentary. Applications for Startmate 2015 close next Tuesday and we’d love for you to begin your own story. Apply now.
From the frontlines
Alan Jones: How to raise investment for a startup with no customers and no revenue Alan Jones M8 Ventures partner
Canva's Melanie Perkins has 10 tips for startups with 'crazy-big dreams' Melanie Perkins Canva co-founder
Why Up's transgender controversy shows there can be no separation between founders and their companies Joan Westenberg StartupSmart columnist
Take a stand: Why being neutral hurts profitability and engagement Steven Maarbani VentureCrowd executive director
The power of passion: Naked Wines' co-founder reflects on what made the startup successful Peta Jecks Naked Wines co-founder
Hipsters, hustlers and hackers: Three instances of everyday bias in startupland Theresa Lim Play2Lead founder
Diversity and coaching will rid the banking sector of its toxic culture problem Hema Kangeson inSpur founder
Why you should find the right role for the right person — not the other way around Bruce Stronge Outfit founder