Products: Bug Bounty Program
Industry: Technology
Challenge
After evaluating its current testing capabilities and organizational goals, Aruba found it was struggling to get the coverage it required for its growing portfolio of products.
Outcome
As one of the first organizations to utilize an Ongoing Private Bug Bounty to test hardware, Aruba has been recognized by the security research community for its commitment and innovation. Read the full case study below to learn more about Aruba’s bug bounty programs.
Taking Advantage of the Crowdsourced Security Model
Aruba Networks is committed to building smarter networks and enabling secure connectivity for mobile and IoT.
As Aruba scaled its operations to meet demand, it knew that product and application security needed to be prioritized. Aruba brought on an all-star security team, carried out multiple expensive third-party testing engagements and even hired some independent security researchers to freelance. Even still, they needed more eyes looking at their attack surface and turned to Bugcrowd to augment their existing efforts.
After evaluating their current testing capabilities and organizational goals, Aruba decided to harness the collective power of human intelligence through Bugcrowd’s more focused Ongoing Private Bug Bounty Program.
Program Highlights
With the Ongoing Private Bug Bounty Program, Aruba has been able to tailor its testing pool to specific skill sets and communicate more directly with a smaller group of testers, while still taking advantage of the crowdsourced model. After more than three years of using the crowd to test its products and applications, Aruba has seen tremendous results, has positioned itself as a thought leader in application security, and has seen continued traction in its programs.
Aruba, one of the first organizations to utilize the Ongoing Private Bug Bounty to test hardware, has been recognized by the security research community for its commitment and innovation. To provide Aruba Networks with increased privacy and control, Bugcrowd segmented and invited 100 of the top vetted and trusted researchers to participate in its Ongoing Private Bug Bounty Program in early 2014.
Because of its consistency, the Aruba program has retained astounding traction over three years.
We have products that cover a wide variety of applications that utilize various technologies, so we need security testing that can cover all those areas. Bugcrowd’s Ongoing Private Bug Bounty is the best way to get the coverage. Of course, this entire line of thinking starts with the premise that we think product security is of the utmost importance – we want to find the problems before someone else does so that we can help keep our customers secure.
The Value of an Ongoing Private Bug Bounty
Ongoing Private Bug Bounty Programs are ideal for testing targets that are not already publicly accessible such as systems on staging environments, applications that require credentials or logins, and even physical devices. To gain access to private programs, researchers are vetted, verified and trusted through participation in public programs.
Working Closely with the Researcher Community
Working with the security researcher community is one of the greatest value-adds of the Ongoing Private Bug Bounty Program for Aruba. The team has exhibited immense dedication to the community with a fast response time, consistent communication, and a documented coordinated disclosure policy. These factors have helped the Aruba team gain valuable testing efforts from some of the top bug hunters in the world.