Bugcrowd has announced a new CEO, Ashish Gupta to take the helm from founder Casey Ellis, who has stepped aside to assume the role of Chairman and CTO of the firm he founded five years ago in 2012.
The move shows a level of maturity on behalf of the company, and indeed Ellis. Startup founders often find it hard to make way for a dedicated CEO that can lead the company through the next level of its growth. By appointing a CEO, Ellis can focus on what he is best at, the technology, the product, the game theory, and the crowd itself.
Congratulations to @caseyjohnellis for growing @Bugcrowd so big he can hire someone to do the shit work freeing him up to focus on fun stuff
— the grugq (@thegrugq) August 28, 2017
The Grugq quipped that Ellis has successfully grown the company to the level that he can now outsource the boring work. While it may not be completely factually correct, the sentiment rings true.
Bridging communities
It’s also important to take a step back and examine what factors have led to the success of Bugcrowd as a company.
While its platform has definitely helped, as has funding, the real value Bugcrowd has brought to the table is its ability to bridge together communities.
The word community is thrown around a lot in the security world, almost as much as the Fast and Furious franchise uses the word family. But in this case, the sentiment is true.
Vendors and security researchers have a long and well-documented strained relationship. The debate around responsible disclosure has led to more heated arguments than climate change, or the link between vaccinations and autism.
On the surface, what companies like Bugcrowd offer is no different from any of the other “sharing economy” companies such as Uber or AirBnB. But that is an overly simplistic generalisation.
Companies that open bug bounty programs have a variety of needs, objectives and goals. Some will offer large cash rewards, while others can only afford a public acknowledgement and tip of the hat. Some have very strict requirements as to what is in scope, while others cast a much wider net.
In that regard, it’s a bit more like internet dating. Trying match up the right couples who have complex needs and requirements, whilst trying to ensure neither is an axe murderer in their spare time.
Inevitably, not every bug bounty will satisfy researchers and companies, but despite that, Bugcrowd has managed to build up its brand and influence. Its marketing campaigns and rewards to researchers has helped showcase talents and build trust.
Perhaps the biggest success of the company is that it has been successful in shining the spotlight on its researchers and participating vendors as opposed to itself. Maybe that’s what community is all about – highlighting the successes of others before yourself.
Javvad Malik 