The evolving threat landscape and perennial cybersecurity challenges are giving rise to community-based programs such as crowdsourced cybersecurity, an important evolution that’s fast becoming a foundational element of any organization’s cybersecurity program.
Key findings of the Security Leadership Study – Trends in Application Security report released by Bugcrowd include:
Crowdsourced security making waves: Nearly 90 percent of companies surveyed are already running, plan to run in the next 12 months, or are interested in running a crowdsourced security program at some point, indicating a growing acceptance of and reliance on nontraditional methods for defense.
Underprotected apps causing heartburn for large organizations: Large enterprises (more than 2,500 employees) typically operate a high number (over 1,300) of complex applications but only protect 60 percent of them, leaving more than 500 applications unprotected at a time when adversarial attacks are increasing.
Crowdsourced security delivering ROI: Companies find the top benefits of crowdsourced cybersecurity are paying for valid results rather than effort or time (44 percent), reflecting a strong ROI value proposition, and the continuous coverage of applications (42 percent), a nontrivial benefit given the ongoing proliferation of applications in today’s software-driven economy.
New acceptance of complementary approaches to security: A majority of security leaders see room to add a continuous crowdsourced security penetration testing program to their traditional point-in-time penetration testing efforts – with 60 percent calling next-generation penetration testing complementary for companies to find and fix vulnerabilities faster.
Security collaboration powers a DevSecOps world: More than 80 percent of companies are planning to integrate cybersecurity processes and controls in the continuous integration and continuous delivery (CI/CD) processes of a DevOps approach (i.e. DevSecOps) for more conducive collaboration.
“The increasing number of unfilled cybersecurity jobs and the pressure to bring products to market faster have contributed to the growing and under-defended attack surface,” said David Baker, chief security officer at Bugcrowd.
“Our latest survey with ESG underscores how crowdsourced cybersecurity is quickly becoming a foundational element of any organization’s cybersecurity program.”
The study was developed in conjunction with Enterprise Strategy Group (ESG), and 200 CISOs and cybersecurity decision makers in the United States and Canada were surveyed.