TrustRadius: an HG Insights company

Bugcrowd Reviews and Ratings

Rating: 9.5 out of 10

Community insights

TrustRadius Insights for Bugcrowd are summaries of user sentiment data from TrustRadius reviews and, when necessary, third-party data sources.

Recommendations

Users have made several recommendations based on their experiences with Bugcrowd:

  • Improve the interface: Some users have expressed that they find the interface of Bugcrowd to be less appealing compared to HackerOne. They suggest making enhancements to make it more user-friendly and visually appealing.

  • Maintain high-quality researchers: Users recommend having a good moderator for Bugcrowd to ensure that only quality researchers are invited to participate. This is seen as crucial for obtaining valuable results and insights.

  • Utilize Bugcrowd for security solutions: Many users recommend using Bugcrowd for security purposes, noting its effectiveness in finding bugs in organizations' code. They find the platform exciting and simple to use, particularly for development tracks and authentication.

It's worth mentioning that while users generally have positive experiences with Bugcrowd, some mention that the cost can be a downside. However, they still appreciate the peace of mind and valuable insights provided by the team of researchers. Some users suggest negotiating with Bugcrowd at the end of a quarter to potentially mitigate the pricing concerns.

Reviews

1 Review

Great results for a great price.

Rating: 8 out of 10
Incentivized

Use Cases and Deployment Scope

We use Bugcrowd for their on-demand crowd-sourced penetration test to test our SaaS application. This allows us to get a number of security researchers involved in looking at our product to find potential vulnerabilities.

Pros

  • Having a pool of security researchers helps keep the penetration tests broad, getting the most bang for your buck.
  • The integration with Slack makes it easy to keep tabs on the program and when new findings are submitted.
  • The interface is pretty simple to use and fairly intuitive.

Cons

  • The success of your program highly depends on the moderator that is assigned to your project. A good moderator will continue to find researchers until the quota is full. Less than stellar moderators will send out one invite and see what sticks.
  • Not all researchers are as professional as one might hope. This can ruin the experience.

Likelihood to Recommend

Bugcrowd is great for bug bounty programs and as a cheaper alternative to a full-blown penetration test. For small to medium-sized companies that are serious about security but don't have the budget for a $40,000 penetration test, this is a great solution. Bugcrowd isn't going to be able to do much of the white-box penetration testing (code reviews), as they are more suited for grey-box and black-box. A program like this will need at least one dedicated person to work with the moderator, verify findings, and decide on the severity of the finding.