6 years ago today I got off a plane armed with a bunch of notes. I’d spent a week meeting with pen-testing customers in Melbourne, and I’d been talking to them about bug bounty programs.
These conversations and a set of ideas I’d been noodling on for a few years prior coalesced on that flight, and the “lightbulb went off” — I suddenly had a very clear picture of the true opportunity, how to do it, and what I should name it:
I hauled ass back to my computer at home, registered the @bugcrowd Twitter handle and the bugcrowd.com domain, and boom — Bugcrowd was born! I started invited hackers to sign up, ran a PoC bounty on a little Rails app the following week, brought on a Co-founder, and we started running programs for customers and charities less than 3 months later.
It seems like a million years ago and yesterday all at the same time!
Since then the team, our customers, the crowd, and even the competitors who’ve joined our space have together achieved the most important thing I had in mind that day: The acceptance of crowdsourced security has irreversibly changed, and improved, how the Internet defends itself.