Bugcrowd connects companies' security and dev teams to vetted and talented security researchers worldwide to run crowd-powered private and public bug bounty programs.
N/A
Keeper
Score 8.1 out of 10
N/A
Keeper's password security and management platform boasts millions of people and thousands of businesses as users, who manage, secure and enforce strong passwords across all employee logins, applications and sites. Employees can access Keeper natively on all mobile operating systems, desktops and browsers. Keeper enables businesses to auto-generate high-strength passwords, protect sensitive files in an encrypted digital vault, securely share records with teams and integrate with SSO, LDAP and…
Bugcrowd is great for bug bounty programs and as a cheaper alternative to a full-blown penetration test. For small to medium-sized companies who are serious about security, but don't have the budget for a $40,000 penetration test, this is a great solution. Bugcrowd isn't going to be able to do much of the white-box penetration testing (code reviews), as they are more suited for grey-box and black-box. A program like this will need at least one dedicated person to work with the moderator, verify findings, and decide on the severity of the finding.
I can only think of scenarios where Keeper is well-suited, in my experience. I work in small business (i.e., sole proprietor, 1 employee) environments and Keeper is well-suited to my needs. I imagine it would also be well-suited to multi-user environments, but would require a great deal more management and organization in such environments.
The success of your program highly depends on the moderator that is assigned to your project. A good moderator will continue to find researchers until the quota is full. Less than stellar moderators will send out one invite and see what sticks.
Not all researchers are as professional as one might hope. This can ruin the experience.
It's just easy to use, plain and simple. It has the complexity and user-interface that gives you confidence in its build but the ease-of-use that keeps things from getting too complicated. A huge plus when you have to onboard new members of the team or summer interns when you need them to step in and make orders on your behalf.
Budget was ultimately the reason we went with Bugcrowd initially. Bugcrowd allowed for us to come up with our own bounty scale to fit our budget. Most other companies had a fixed scale, or the scale was not as flexible as we wanted it. Traditional penetration testing companies were very expensive.
I have used the Apple cloud, but if you forget your password into that, once again, you’re at the mercy of calling customer service. With Keeper, you can use the thumbprint option to log on, and there’s any of your needed passwords. It’s fast and simple, and you don’t have to wait online to unlock the app you’ve locked yourself out of.
We have received some great results for a great price. We've also received some poor results at the same price.
Bugcrowd is not always recognized as a "real" penetration test, but for the most part, we have not had any problems with customers accepting our reports.
Overall, Bugcrowd has been an overall good experience, but we have had a poor moderator from time-to-time that has resulted in less than ideal results.
The spreadsheets and printed papers being passed around the office with passwords on them have gone! This is a huge security hole plugged.
Users actively use the software which says something - it is easy to use and intuitive. When software is not intuitive, it tends to not get used.
It gives IT control over who does what with passwords, and while difficult to quantify it is certainly a dramatically positive impact on the organization.