Products: Managed Bug Bounty
Industry: Technology, Computer Software, Internet
Challenge
- With an expanding attack surface and so many channels for vulnerability detection, simply maintaining continuous vulnerability assessment while juggling every other security function had become a real challenge.
- InVision recognized that even with the multitude of application security tools and services available, small and large companies alike were being compromised. Clearly, companies are at an unfair disadvantage when it comes to keeping up with their adversaries.
Outcomes
Bugcrowd’s fully managed solutions offered them an opportunity to offload much of that work and focus on more sensitive areas within their application security organization.
About InVision
InVision, the award-winning product design collaboration platform, prioritizes product security with a robust approach to vulnerability management. To stay ahead of malicious attackers, InVision has implemented a suite of industry-leading security tools and practices such as web application firewalls, regular vulnerability scans, third-party penetration tests and more. Still, they recognized that, given the innovation and evolving techniques of nefarious outsiders, they were fighting a losing battle that was leaving their applications potentially vulnerable. They needed a better solution.
The Value of Managed Bug Bounty Programs
InVision initially launched a self-managed bug bounty program to meet those challenges but quickly became overwhelmed with managing the volume of submissions, from communicating with researchers and replicating vulnerabilities to coordinating development time and effort to deploy solutions. Bugcrowd’s fully managed solutions offered them an opportunity to offload much of that work and focus on more sensitive areas within their application security organization.
Switching to a managed program with Bugcrowd reduced our required time and effort by at least 80%, allowing us to not only focus on what matters the most, implementing the remediations, but also freeing up our security team to focus on other components of our security program.
Improved Their Team’s Efficiency
Bugcrowd’s platform and team of experts provide bug triage, validation, and de-duplication, while also recommending prioritizations and handling all researcher communication.
This management has reduced InVision’s time and resource requirements by at least 80% and has optimized their security and engineering teams’ time to remediate issues faster and focus on other organizational priorities.
Enhanced InVision’s Security Posture
The InVision bug bounty program consistently provides a wide array of submissions as well as high-quality findings.
Through this 24/7 coverage, the chances of finding critical, hidden holes are significantly improved. It also aligns more closely with their development cycles and helps their engineering teams identify and prevent recurring secure coding issues.