One year of Detectify’s hacker network Crowdsource

A year ago, we launched our crowdsourced security community Detectify Crowdsource. It’s been a fantastic year filled with exciting security research that has attracted worldwide media attention, and our customers have experienced the benefits of scanning their websites for fresh vulnerabilities submitted by Crowdsource hackers from around the globe.

One year of ethical hacking

It all started with an idea that sounded really cool and was aligned with our vision to save the internet using white-hat hacker knowledge. Then, on November 10, 2016, came a platform together with invites sent out to a couple of security researchers. A year later, Crowdsource has over 100 members and provides valuable security research that helps protect our customers.

We have asked Crowdsource Community Manager Kristian Bremberg what the past year has been like: “It has been exciting to work with very skilled hackers. Seeing the community grow and develop into something researchers find very valuable feels like giving something back to the web app security and bug bounty community.”

Detectify’s Software Engineer Martina Janevska, who has been developing the platform from the earliest stages, explains what it was like to build Crowdsource from scratch: “It’s been inspiring! It’s really great when you know you’re working on something that has the potential to be of great value for a lot of users. Also because you get to work with the best white hat hackers from all over the world. It’s great fun!”

The year in numbers

With 345 submissions, 10 037 hits, and 128 security researchers, it’s been an exciting year! The most commonly submitted vulnerability was XSS, but the submissions covered a wide range of technologies, reflecting the hackers’ varied skillsets.

It is difficult to pick just one highlight of the year, but our Community Manager Kristian Bremberg describes one that really stands out: “One of the best moments in Crowdsource was when one researcher earned over 2000$ in just a little over one week for two submissions. It was really fun to see how big of an impact Crowdsource can have in a security researcher’s journey.”

Developing the platform

In combining bug bounties with automation, Detectify Crowdsource is the first platform of its kind. The submitted vulnerabilities are built into the Detectify scanner as automated modules that test the security of our customers’ web applications. This way, one submission can help secure hundreds of sites and maximize the impact of the hacker’s finding!

“Crowdsource has developed into a very unique bug bounty platform where hackers from all over the world with different areas of expertise submit their security research. This huge scope is extremely valuable as it allows our service to check for vulnerabilities in all kinds of technologies,” Community Manager Kristian Bremberg explains.


Throughout this year, we listened to Crowdsource hackers and their suggestions to develop a platform that suits their needs and fits into their bug bounty workflow. We would like to thank the community for a great year and all the feedback that has helped us shape Crowdsource!

An international community of white-hat hackers

Crowdsource hackers come from all over the world and have different approaches to ethical hacking. However, they all have one thing in common, Kristian Bremberg explains: “Everyone shares the goal of being part of the journey from finding a vulnerability and getting it fixed, and getting a financial reward for their work.”

While bringing white hat knowledge and automation together is the core of Crowdsource’s mission, we have also worked a lot with security awareness and sharing insights into the world of ethical hacking. We have interviewed hackers like Yasin Soliman and Peter Jaric, and published security write-ups written by Crowdsource hackers covering everything from hacking career sites to finding a stored XSS in a popular plugin.

To keep up with the latest news from Detectify Crowdsource, follow the Crowdsource section on our blog.

The future is bright

After a successful first year, what does the future hold in store for Detectify Crowdsource? Kristian Bremberg explains that the platform will continue to grow as more researchers join the platform: “We aim to create the bug bounty platform the scene needs and we will do that by listening to our researchers and staying up-to-date with how the bug bounty scene develops.”

Kristian also points out that Crowdsource is unique, which makes the journey all the more exciting: “Crowdsource is not another bug bounty platform, it is a whole new way of researching vulnerabilities.”

It’s been an exciting year, but we’re only just getting started. Here’s to more ethical hacking, more hits, and more secure websites! Together we are working towards our vision of a more secure internet.


