bugcrowd — the startup that uses a database of half a million hackers to help organizations like OpenAI and the US government to create and run bug bounty programs, cash rewards to freelancers who can find bugs and vulnerabilities in their code — has won a big cash prize of his own to further grow his business: a $102 million equity round.
General Catalyst is leading the investment, with previous backers Rally Ventures and Costanoa Ventures also participating.
Bugcrowd has raised over $180 million to date, and while the valuation was not disclosed, CEO Dave Gerry said in an interview that it is “significantly raised” on its latest round back in 2020, a $30 million Series D. One of the startup’s biggest competitors, HackerOne, was last valued $829 million in 2022according to PitchBook data.
The plan will be to use the funding to expand operations in the US and beyond, including possible mergers and acquisitions, and build more functionality on its platform, which – in addition to bug bounty programs – also offers services such as penetration testing and attack surface management. as well as training hackers to increase their skiilsets.
This functionality is both technical and human in nature.
Gerry jokingly describes Bugcrowd’s premise as “a hacker dating service,” but in more formal terms, it’s built around a two-sided security market: Bugcrowd crowdsources coders, who apply to join the platform showing off their skills. Coders can be hackers who only work on freelance projects, or people who work elsewhere and take on additional freelance work in their spare time. Bugcrowd then matches these coders, based on those particular skills, with ongoing reward programs among customers. These customers, meanwhile, range from other technology companies to any business or organization whose operations rely on technology to function.
In doing all of this, Bugcrowd has tapped into some important trends in the tech industry.
Organizations continue to build more technology to operate, and that means more applications, more automation, more integrations, and much more data moving from clouds to on-premises servers, from internal users to customers, and more. All of this means more opportunities for errors or bugs in the code—places where an integration might create a security vulnerability, for example. or simply lead to a piece of code that no longer works as it should — and a greater need for comprehensive work to identify those gaps.
Recent years have seen a flurry of new AI-powered security tools aimed at identifying and remediating these vulnerabilities in a more comprehensive and automated manner. But this has not yet replaced the role of human hackers. These hackers may work in a more manual way or may use automation tools to aid them in their bug hunting efforts, but they will still have a critical role to play in how this technology may be headed. As computer science continues to see a rise in popularity as a discipline, this has created a wider number of smart and technical people in the world who love to rise to this challenge, if not for the intellectual pursuit than the financial one. The most successful bounty hunters can build million dollars.
Gerry said the startup is growing more than 40% annually and approaching $100 million in annual revenue.
The startup is now primarily based out of San Francisco, having originally been founded in Australia by Casey Ellis, Chris Raethke and Sergei Belokamen (Ellis is still with the company as chief strategy officer. It now has “over” 500,000 hackers and is adding approx. 50,000 hackers a year on that number, Gerry said, and now has about 1,000 customers after adding 200 customers in the last year.
“Costanoa has watched Bugcrowd grow from an innovative idea for early adopters to a force multiplier for Fortune 500 companies today,” Jim Wilson, Partner at Costanoa Ventures, said in a statement. “Bugcrowd’s leadership team brings together seasoned experts with a deep understanding of cybersecurity trends and a proven ability to navigate the complexities of the industry. This next stage of growth led by Dave will allow them to expand their product offerings to help security executives gain even more value from the crowd. We are excited to continue our partnership with the team to capitalize on the significant opportunities ahead.”
