Bug bounty platform Bugcrowd has raised $26 million in a series C round of funding led by Triangle Peak Partners, with participation from Salesforce Ventures, Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Stanford, Hostplus, and First State Super.
Founded out of San Francisco in 2012, Bugcrowd connects companies with security researchers and the broader whitehat hacking community to find and fix vulnerabilities for a fee. Customers include Tesla, Fitbit, Mastercard, Square, and Atlassian.
Bugcrowd had previously raised around $23 million, and with this latest cash injection it plans to “fuel its market growth” and “drive product innovation,” according to a statement issued by the company.
“The dearth of cybersecurity defenders within organizations and the shortcomings of status quo security approaches is increasingly being addressed by crowdsourced security testing, as it cost-effectively brings the creativity of the crowd to outsmart adversaries,” said Bugcrowd CEO Ashish Gupta.
Reports suggest there will be a huge cybersecurity workforce shortfall in what is expected to be a $165 billion market by 2023. Anticipation is leading to significant investment across the board, with major tech companies such as Microsoft making numerous cybersecurity acquisitions in recent times. In the past few days alone, security startups Phantom and PhishMe were both acquired for a combined $750 million.
Of course, one way to circumvent the perennial issue of limited in-house resources is to outsource the work to the broader hacker community, which is where platforms such as Bugcrowd come into play. Google recently revealed it has paid out around $12 million in bug bounties since 2010, a quarter of which came in 2017 alone, while Apple launched its very first bug bounty program less than two years ago.
Other notable bug bounty platforms in the space include HackerOne, which has raised north of $70 million in funding, including a hefty $40 million tranche just last year.
“Every digital business today should take advantage of bug bounty programs, especially given the increased sophistication of cyberattacks and the proven effectiveness and power of the crowd in identifying these threats before they cause damage,” added Dain DeGroff, partner and president at Triangle Peak Partners, who also now joins Bugcrowd’s board. “Bugcrowd has built a successful business model addressing a growing and critical need.”