San Francisco, CA


Overall Rank: 46
Category: Cybersecurity
Category Rank: 5


  • Power 500 Software Company


Bugcrowd is the leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world.

Today’s enterprise demands a proactive approach to cybersecurity—and Bugcrowd offers the only solution that orchestrates data, technology, and human intelligence to expose blind spots. The Bugcrowd Security Knowledge Platform™ enables businesses to do everything possible to protect their organization, reputation and customers with products like Bug Bounty, Pen Testing-as-a-Service, and more.

Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. See Security Differently™ at Bugcrowd.com

Visit www.bugcrowd.com

Become a Premium Subscriber

Please purchase a premium subscription to continue reading this report.

Subscribe Now

Key Products

Penetration Testing

Status-quo penetration testing (“pen test”) solutions are inflexible, take months to complete, and do nothing to reduce risk. The Bugcrowd Platform‘s modern, highly configurable pen testing as a service (PTaaS) suite delivers fast, high-impact results for compliance assurance and beyond. Launch pen tests in days and accelerate remediation. Make security stronger by running pen tests along with other solutions, like Bug Bounty, as part of a layered strategy for maximum risk reduction.

Web Application Pen Test

Web apps, whether cloud-based or on-premises, are potentially a user’s most vulnerable assets. They’re constantly changing and highly accessible, and they often contain sensitive data, so users can’t rely on outdated, consulting-heavy pen tests to secure them. Instead, Bugcrowd Web Applications Pen Tests (a Bugcrowd PTaaS solution) can improve security posture immediately by running highly configurable, high-impact tests at scale to shut those attack vectors down.

Mobile App Pen Test

Mobile apps are particularly vulnerable because most are developed with few of the security measures demanded for traditional IT—in fact, many mobile apps can be compromised in less than 15 minutes by skilled hackers. Bugcrowd Mobile App Pen Tests (a Bugcrowd PTaaS solution) help reduce Android and iOS app (including binaries, APIs, and infra) risk quickly by shutting those attack vectors down with focused, high-impact pen testing.

Network Pen Test

In their hyperconnected world, threat actors can exploit vulnerabilities in network infrastructure at breathtaking speed, putting applications and data at risk. Consulting-heavy or purely automated approaches to network pen tests often miss critical issues and can take weeks to produce results. With Bugcrowd Network Pen Tests (a Bugcrowd PTaaS solution), users can launch a network pen test program and start boosting security rapidly.

API Pen Test

APIs speed software creation by letting developers hook into app data and business logic. But the unique access APIs have to apps makes them big attack vectors–90% of apps contain more risk in the form of exposed APIs than the UI itself. Bugcrowd API Pen Tests (a Bugcrowd PTaaS solution) plug directly into a user’s dev lifecycle to find vulns that go undetected by old-school testing and scans, helping to ensure that the digital transformation journey isn’t cut short by a breach.

IoT Pen Test

Internet-connected cameras, printers, lighting, industrial control systems, and mobile devices have been deployed by the billions, making them ideal on-ramps for attackers–and beyond the ability of most organizations to secure via status-quo pen testing. Instead, with Bugcrowd IoT Pen Tests (a Bugcrowd PTaaS solution), users can improve security posture immediately by running highly configurable, high-impact testing at scale to shut those attack vectors down.

Cloud Pen Test

Cloud penetration tests involve shared infrastructure and responsibilities, with each cloud services provider (AWS, Azure, Google Cloud, etc.) having its own requirements. Securing these environments requires a deep understanding of their processes, compliance requirements, and policies. Bugcrowd Cloud Penetration Tests (a Bugcrowd PTaaS solution) let cloud adopters navigate that maze to secure this highly complex, fast-growing attack surface.

Social Engineering Pen Test

Social Engineering is among the most common attack vectors, but many organizations are unsure how they would fare in an actual social engineering attack scenario. Running a specialized pen test is the only way to assess how an org will respond to common, real-world, human-based threats. It’s also the recommended follow-up to Bugcrowd’s Social Engineering prevention training and workshops in order to validate their impact.

Bug Bounty

Bugcrowd’s platform-powered Managed Bug Bounty brings the right security researchers (the Crowd) into workflows at the right time to find hidden flaws in an attack surface. Unlike legacy tools, the Bugcrowd Security Knowledge Platform™ augments the bug bounty value proposition with ML-driven crowd matching (CrowdMatchTM), automated workflows, best-in-class triage, and contextual insight from the industry’s richest security knowledge graph.

Vulnerability Disclosure

A vulnerability disclosure program (VDP) puts the world on notice that a user is deadly serious about security. It sets the rules of engagement for the public to submit vulnerability reports about public-facing assets and then coordinates how they’re handled internally. Running on the Bugcrowd Security Knowledge Platform™, our managed VDPs provide submission channels, triage, integration, and reporting, with data from thousands of past customer experiences informing everything that happens.

Attack Surface Management

Bugcrowd revolutionizes attack surface management (ASM) by blending the ingenuity of the Crowd, technology, and data to help uncover hidden or forgotten assets (Asset Inventory), then assign and prioritize risk to them (Asset Risk). The most thorough assessment of attack surface risks available, Bugcrowd ASM goes far beyond what other solutions do to help users understand and manage all their digital assets.

Key Executives

Casey Ellis, Founder, Chairman, and CTO

Casey is the Founder, Chairman, and CTO of Bugcrowd. He is an 18-year veteran of information security, servicing clients ranging from startups to multinational corporations as a pentester, security and risk consultant and solutions architect, then most recently as a career entrepreneur. Casey pioneered the Crowdsourced Security as a Service model launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the disclose.io vulnerability disclosure standardization project in 2016.

David Castignola, Chief Revenue Officer

David has more than 25 years of sales leadership experience in the cybersecurity security space. Most recently, David served as Chief Operating Officer for Cylance, where he helped lead the sale of the company to BlackBerry in February 2019. Prior to Cylance, he was named the first Chief Revenue Officer at Optiv, a $2.5 billion security systems integrator, and before that he worked at RSA for 16 years where he served as the Senior Vice President of World Wide Sales, a security division of EMC, with $1+ billion in sales revenues and recognized as one of the world’s most prestigious cyber security companies.

Robert Taccini, Chief Financial Officer

Prior to joining Bugcrowd, Taccini was the Chief Financial Officer of WhiteHat Security, where he played a key role in the successful spinout from NTT and sale of the business to Synopsys. In previous roles, he served as the CFO of HyperGrid; CFO and Treasurer of VCE Company, LLC; and Vice President of Business Operations Finance for Cisco Systems. As the startup CFO of VCE, Taccini drove revenue growth, gross margin improvements, and operating efficiencies as the business scaled up to $500 million in operating budget and from six employees to 2,000-plus employees. Taccini also executed a converged infrastructure market strategy that yielded a $3 billion annual revenue run rate with 50% compounded growth over five years.

Sammie Walker, Chief Marketing Officer

Sammie has more than 20 years of industry marketing experience in defining, launching and growing companies in the Networking, Analytics, Security, Digital Advertising, Telecom, and Collaboration markets. Prior to Bugcrowd, Sammie served as EVP and CMO for Infoblox, a leader in networking and security as-a service. Previously, Sammie held senior management roles at Aerospike, Actian, Vidyo, Zenprise, and Transera Communications.

Sammie holds an MBA from the School of Economics & Business Administration from St. Mary’s College.

Dave Gerry, Chief Operating Officer

Dave Gerry is the Chief Operating Officer at BugCrowd. Prior to that Gerry served as Chief Revenue Officer and Head of Global Operations (COO) at WhiteHat Security, where he oversaw global revenue growth, service delivery and customer-facing operations. Dave joined the company in 2017 and helped to lead White Hat through the sale to NTT in 2019 and, most recently, the sale to Synopsys in 2022.

Dave has been in the AppSec market for nearly a decade and has held key leadership positions within several cybersecurity companies such as WhiteHat Security, Veracode, Sumo Logic and The Herjavec Group. Dave is passionate about building programs that are repeatable, scalable and predictable, helping to drive customer business outcomes and technical value.

He holds an MBA from Suffolk University and a BA from Merrimack College.

Nicholas Mckenzie, Chief Information And Security Officer

Nick Mckenzie is the Chief Information and Security Officer at BugCrowd. Previously, Mckenzie worked at National Australia Bank (NAB), one of Australia’s four largest financial institutions, where he served as Executive General Manager-Chief Security Officer. At NAB, he was responsible for overseeing the enterprise security portfolio, which included cyber, physical security, investigations, and operational fraud capabilities to protect customers and employees, support business growth, and enable an operationally resilient bank.

Nick currently serves as an advisory board member for Google, Amazon Web Services, and Digital Shadows. Prior to NAB, Nick held IT risk and cybersecurity leadership roles at Standard Chartered Bank, J.P. Morgan, and UBS.

Corporate Responsibility

Diversity and Inclusion

Bugcrowd believes in recruiting diverse talent to create a thriving organization and community. They also believe that when people feel respected and included, they can be more creative, innovative, and successful. Cultivating a diverse and inclusive culture is not just good for business, it’s simply the right thing to do.

They support and empower their community to be authentic and they are committed to creating an empathetic and safe place where all feel valued and appreciated. This is rooted in their core belief that if they take care of their global community of employees, contractors and security researchers, they’ll take care of their customers. When they do this successfully, they open their minds to new ways of working and thinking.


Bugcrowd’s model is literally powered by diversity. Their platform uses multiple creative problem-solving pathways leveraging their community, commitment and experience in connecting the right hacker with the right target.

Their commitment to people and accelerating equality for all has never been more relevant than it is today. They want to drive change with intention. So they are proactively involved in advancing affirmative action around gender, sexual orientation, and ethnicity.

Their community represents the faces of the world, and this core DNA enables them to attract, develop, inspire, and reward top talent across their business. They create an environment that unleashes innovation, allows their people to perform at their very best, and fosters a culture in which everyone feels they have an equal opportunity to belong and build a career.

Their areas of focus include gender, ethnicity, LGBTI, religion, persons with disabilities, and cross-cultural diversity.

Customer insights

“It’s a win-win situation—either the Crowd finds something we didn’t see, in which case we can fix it. Or they don’t find anything, which validates our efforts.” – Adrian Ludwig, CISO, Atlassian


“Switching to a managed program with Bugcrowd reduced our required time and effort by 80%—allowing us to focus on what matters most.” – Johnathan Hunt, VP, Information Security, InVision

Company insights

“Bugcrowd is built on the principle that it “takes a crowd” to make the digitally connected world safer, and that an army of allies is needed to outsmart and overcome the army of adversaries who threaten our digital wellbeing. It’s not just a product principle of ours, it starts within our own team.” – Casey Ellis, Founder, Chairperson, and CTO


“I’ve been at Bugcrowd for three years, and appreciate that my managers have given me the support and room to grow. I’ve just moved into the Sales department as a Sr. Account Manager and can’t wait to see where Bugcrowd and I go next!” – Kaila Pollart, Sr. Account Manager