Bugcrowd — the startup that taps into a database of half a million hackers to help organizations like OpenAI and the U.S. government set up and run bug bounty programs, cash rewards to freelancers who can identify bugs and vulnerabilities in their code — has picked up a big cash award of its own to grow its business further: an equity round of $102 million.
General Catalyst is leading the investment, with previous backers Rally Ventures and Costanoa Ventures also participating.
Bugcrowd has raised over $180 million to date, and while valuation is not being disclosed, CEO Dave Gerry said in an interview it is “significantly up” on its last round back in 2020, a $30 million Series D. As a point of comparison, one of the startup’s bigger competitors, HackerOne, was last valued at $829 million in 2022, according to PitchBook data.
The plan will be to use the funding to expand operations in the U.S. and beyond, including potentially M&A, and to build more functionality into its platform, which — in addition to bug bounty programs — also offers services including penetration testing and attack surface management, as well as training to hackers to increase their skiilsets.
That functionality is both of a technical but also human nature.
Gerry jokingly describes Bugcrowd’s premise as “a dating service for people who break computers” but in more formal terms, it is built around a two-sided security marketplace: Bugcrowd crowdsources coders, who apply to join the platform by demonstrating their skills. The coders might be hackers who only work on freelance projects, or people who work elsewhere and pick up extra freelance work in their spare time. Bugcrowd then matches these coders up, based on those particular skills, with bounty programs that are in the works among clients. Those clients, meanwhile, range from other technology companies through to any enterprise or organization whose operations rely on tech to work.
In doing all this, Bugcrowd has been tapping into a couple of important trends in the technology industry.
Organizations continue to build more technology to operate, and that means more apps, more automations, more integrations and much more data is moving around from clouds to on-premises servers, from internal users out to customers, and more. All of that means more opportunities for mistakes, or bugs, in the code — places where an integration may create a security vulnerability, for example; or simply result in a piece of coding no longer working as it should — and a greater need for comprehensive work to identify those gaps.
Recent years have seen a profusion of new security tools, powered by AI, that aim to identify and remediate those gaps in a more comprehensive and automated way. But that still has not replaced the role of human hackers. Those hackers might work in a more manual way, or they might use automation tools to help them in their bug-hunting efforts, but will still have a critical role to play in how that tech might be directed. As computer science continues to see a rise in popularity as a discipline, that’s produced a wider number of smart and technical people in the world who like to rise to that challenge, if not for the intellectual pursuit for the financial one. The most successful bug bounty hunters can make millions of dollars.
Gerry said that the startup’s been growing at over 40% annually and is approaching $100 million in annual revenues.
The startup is now mainly headquartered out of San Francisco, after being originally founded in Australia by Casey Ellis, Chris Raethke and Sergei Belokamen (Ellis is still with the company as chief strategy officer. It now has “well over” 500,000 hackers and is adding around 50,000 hackers annually to that number, Gerry said, and now has some 1,000 customers after adding 200 clients in the last year.
“Costanoa has watched Bugcrowd grow from an innovative concept for early adopters to being a force multiplier for Fortune 500 companies today,” said Jim Wilson, Partner at Costanoa Ventures, in a statement. “Bugcrowd’s leadership team brings together seasoned experts with a deep understanding of cybersecurity trends and a proven ability to navigate the complexities of the industry. This next stage of growth under Dave’s leadership will allow them to expand their product offerings to help security executives get even more value from the crowd. We are excited to continue our partnership with the team to capture the significant opportunities ahead.”