Name: Bugcrowd
Rating: 4.9 (27 reviews)

Overview

Service Information on Bugcrowd

Updated 13th October 2025

What is Bugcrowd?

Bugcrowd is a software platform that facilitates crowdsourced security testing by connecting organizations with a global community of security researchers. The software enables organizations to identify vulnerabilities in their digital assets through coordinated bug bounty and vulnerability disclosure programs. Bugcrowd provides workflow automation for program management, vulnerability reporting, and researcher engagement, allowing teams to prioritize and address security issues efficiently. The software supports compliance initiatives and integrates with development pipelines to enhance remediation processes. Bugcrowd addresses the business problem of managing external security assessments at scale, delivering structured reports and actionable insights to reduce cybersecurity risk across applications, networks, and systems.

Overall experience with Bugcrowd

CHIEF INFORMATION SECURITY OFFICER

<50M USD, Media

FAVORABLE

“Detailed Vulnerability Reports From Bugcrowd Reduce Investigation Time for Security Teams”

5.0

Sep 7, 2025

Bugcrowd researchers have provided an excellent level of service building confidence that the most difficult to reach vulnerabilities are identified which enables our team to resolve and uplift controls in an efficient manner. I consider BugCrowd my most important security control as it addresses where we have the highest level of risk-our external attack surface.

VP Engineering

<50M USD, IT Services

CRITICAL

“Extremely disappointed with with Support and Ops Management. ”

1.0

Feb 6, 2019

At the end of Q2 2018 I contacted a sales rep at Bugcrowd to see if they were able to do a price cut to hit sales numbers. They obliged and gave me a great deal. The handoff to the Solutions Architect was smooth but soon after working with him I started to see the problems. I had very explicit scope I did not want tested. This scope was immediately ignored by the solutions architect and every single person I dealt with after. The scope was very explicit not to make new accounts, but to use the ones created for them. Multiple internal Bugcrowd employees ignored my request, and then followed by multiple researchers who had this scope explicit in their req. I let them know every time they didn’t follow this process, informing them it is not acceptable as they were entering our sales channels. I informed them if it continued to happen, that the benefit of using Bugcrowd would be outweighed by the negatives of researchers not following this outlined process. I then informed Bugcrowd if it continued to happen I will request a refund. The issue continued so I requested a pro-rated refund. I was denied and then was asked if I could do something on my end to prevent their process of not following directions. I informed Bugcrowd to pause the program because it doesn’t make sense for me to hardcode around their email addresses for their own lack of control and that the Bugcrowd platform from now moving forward has no use to me. Over the 5 months I have been using their program I did not see material results until month 4. In that month they were all very low priority bugs, some worth fixing, some not. I do not recommend their products if you want anything more than a rubber stamp of having a ‘bug bounty program.’

About Company

Company Description

Bugcrowd is a San Francisco-based security company specializing in crowdsourced security solutions. The company offers organizations a proactive approach against potential threats. By using an AI-driven platform, Bugcrowd unites the organization with trusted hackers who aim to safeguard assets ahead of malicious attacks, offering control against such actions. This cohesive approach enables an anticipative breach prevention, helping organizations stay ahead of sophisticated threat actors.

Company Details

Company type

Private

Year Founded

2012

Head office location

San Francisco, United States

Number of employees

201 - 500

Website

https://www.bugcrowd.com

Do You Manage Peer Insights at Bugcrowd?

Access Vendor Portal to update and manage your profile.

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

Reviewer Insights for: Bugcrowd

Performance of Bugcrowd Across Market Features

Bugcrowd Likes & Dislikes

The reports are submitted with enough detail to allow my team to replay the attack, which drives investigation on the backend services that are involved in exposing the vulnerability. This thoughtful part of the program ensures that we are not dealing with theoretical finds; and greatly reduces investigation time. The Bugcrowd triage team doesn't get enough credit for their ability to identify duplicative issues and keep them from flowing through the process. This enables us to work on unique issues.

In month 4 I received some submissions.

Strong user community: Bugcrowd provides access to skilled security researchers from around the globe, which provides a wide range of expertise in different domains that can be helpful in uncovering any vulnerabilities that were missed by internal or automated tools. Bugcrowd also provides capabilities for integration with tools like JIRA and Slack which is helpful in automating and streamlining the vulnerability management process.

For a while, there was no ability to mark a valid report as Will Not Fix. However, I raised this issue with BugCrowd and within a month or two, they added a state of Informational. I like this state even more as it's not advertising that we are accepting known exploitable vulnerabilities.

Customer Success and management of their researchers.

As of now, I do not have any dislike about the product or services offered by bugcrowd.

Top Bugcrowd Alternatives

Peer Discussions

Bugcrowd Reviews and Ratings

Recommended Gartner Insights

Market Guide for Application Crowdtesting Services

<50M USD

Media

Review Source

Detailed Vulnerability Reports From Bugcrowd Reduce Investigation Time for Security Teams

IT SECURITY ENGINEER L2

IT Services

Harnessing Global Expertise in Cybersecurity with Bugcrowd

Dec 3, 2024

Bugcrowd is one of the most recognized companies in the cyber security industry. Bugcrowd provides a leading platform to manage bug bounty programs for many organizations through bug bounty programs and crowdsourced security testing. Bugcrowd provides a streamlined workflow for identifying vulnerabilities and how to remediate them. Bugcrowd provides integration capabilities with tools like JIRA and Slack which can be helpful in streamlining the overall vulnerability process.

CIO

Gov't/PS/Ed

Government

Amplifying Pen-Testing Services through Crowdsourced Platforms

Jul 24, 2024

This has been a great company to work with so far. We evaluated several providers in the crowdsourcing market to help augment our commercial pen testing services. They have been great to work with and have provided a lot of value to our cybersecurity operations.

Security Operations Manager

Real Estate

Get high accuracy signals about exploitable vulnerabilities on your perimeter

Jan 23, 2024

The BugCrowd team have truly gone above and beyond to accomodate our requirements throughout the partnership. Being new consumers of such services, this has really helped us lower the barriers for our stakeholders within the organisation.

DIRECTOR OF APPLICATION SECURITY

10B+ USD

Software

I'm happy with my bug bounty program on Bugcrowd.

Jan 18, 2024

Bugcrowd is a great bounty provider, and works with its customers and its bug bounty community very closely. I have used them in multiple work places, and in my opinion a Bug Bounty program is a must have for all companies that have an online presence.