Don’t be jealous of Facebook and Google. With the help of a startup called Synack, your company can put on a bug bounty, too.
Such programs entice researchers to come in and find security flaws in web applications in exchange for acknowledgment of their discoveries and, in some cases, cash rewards.
Synack launched last year to serve as a middleman between companies and researchers and provide a sophisticated cloud-based system for estimating the value of vulnerabilities that researchers turn up.
Now Synack has dug up more funding for itself — $7.5 million, to be specific. The money will help Synack add to its service and provide certification for the people who come aboard and look for security issues.
The funding points to the value of bug-bounty programs, where white hat hackers do temporary work on your company’s behalf and show how they discovered bugs and how to squash them.
As Synack matures, that list could get longer and longer. And government agencies could get in on the bug-bounty fun, too. Synack founders Jay Kaplan and Mark Kuhr worked on vulnerability assessment as analysts at the National Security Agency, and they aim to work with public-sector groups, among other customers, at Synack.
“To date, we have regularly worked with more web-centric industries than others. That said, we expect to continue to gain widespread adoption over the coming months,” Kaplan wrote in an email to VentureBeat.
Kleiner Perkins Caufield & Byers led the new round for Synack, based in Menlo Park, Calif. Google Ventures, Allegis Capital, Greylock Partners, and Shape Security chief executive Derek Smith also participated.
To date, the startup has raised more than $9 million. It started last year and announced a $1.5 million seed round in August. In the past few months, Synack has increased its workforce from five to 15, and new employees will work on researcher outreach and development, Kaplan wrote.