
Bug Bounty is Big Business

So big that now there’s a start-up that’s raised an additional $102 million to sweep the floor

Make no mistake! Bugcrowd isn’t a new venture that got off the ground the other day. It came into existence in 2012 in Sydney and waited a good seven years, till 2019, before gaining recognition as among the largest bug bounty and vulnerability disclosure companies, now headquartered in San Francisco.

The company taps into databases of half a million hackers to help companies, including OpenAI and even the US government, set up and run bug bounty programs that offer cash to freelancers who find bugs and vulnerabilities in code. Bugcrowd has now raised an equity round of $102 million to grow the business at a faster pace.

Debugging is big business now 

The investment is being led by General Catalyst alongside original backers Rally Ventures and Costanoa Ventures. The latest round takes the company’s total funds raised to $180 million. There is no mention of the valuation, though it is definitely up from the last round, a $30 million Series D done in 2020.

However, we can speculate based on the valuation of close competitor HackerOne, which was valued at $829 million in 2022. Not that valuation is all that critical. The company plans to use the fresh funds to expand operations in the US and beyond through M&A routes in order to build more functionality into its platform, which offers services such as penetration testing, attack surface management and training to hackers.

Matchmaking service for bug fixing

CEO Dave Gerry likens his company’s business to a dating service for people who break computers and notes that it is built around a two-sided security marketplace where Bugcrowd sources coders and then matches their skill sets with bounty programs that are in the works among its customers. 

The business model allows Bugcrowd to delve into two key industry trends. The first is of course the growing need to create more tech via apps, automations and integrations that are used to move data around from clouds to on-premises servers and from internal users out to the customers. This means more room for errors or bugs in the code.

In parallel, there has also been an influx of security tools powered by AI to identify and remedy gaps in the code base via comprehensive automation. However, this hasn’t been able to replace human hackers who work manually or use automation to help with bug hunting. These individuals have a critical role to play in how the technology gets directed in the future.

Bugcrowd is in a happy space and how! 

Bringing these two facets of the industry together is what has helped Gerry and his startup to grow 40% annually over the past few years and get close to $100 million in annual revenues. Of course, the original founders in Australia – Casey Ellis, Chris Raethke and Sergei Belokamen – had envisaged it as a crowdsourced platform then and that continues to date.

Today, the business boasts well over 500,000 hackers and adds about 10% to this number each year. On the customer front, Bugcrowd now boasts 1000 names, having added 200 new clients in 2023. No wonder CEO Gerry is upbeat. “Customers continue to flock to Bugcrowd as they are disenchanted with the legacy vendors in the crowdsourced security space,” he told VentureBeat in a recent chat.

“Slow triage times, fluctuating and confusing pricing models, limited crowd engagement and limited support options for clients have forced them to demand alternatives,” he notes. The crowdsourced security market itself is projected to grow from $90 million in 2019 to more than $135 million in 2024 and Bugcrowd is all set to debug its customers.