“In the tax preparation software industry, we deal with highly sensitive data for a large number of individuals. You can pretty much learn anything you want to know about an individual from their tax return. And because of that, we need to make sure the data stays completely secure, which starts with making sure the applications we’re developing are secure as well.”
Bug Bounty Programs
Financial Services
Based out of Augusta, Georgia, TaxSlayer, a leading tax preparation and financial technology company, offers the ability for millions of Americans to electronically file their taxes. The company successfully completed more than 10 million state and federal e-filed tax returns in 2018 and processed $12 billion in refunds. TaxSlayer is highest rated for ease of use, speed of filing, best value and most trusted according to the 2017-18 American Online Tax Satisfaction Survey. TaxSlayer’s TrustScore is an 8.5 out of 10 on Trustpilot. Given the nature of the company's business, having security built into its software is paramount.
While TaxSlayer wanted to employ the expertise of independent, unbiased researchers outside of the organization for breadth and depth of testing, they also wanted the flexibility to tailor their testing pool based on specific skill sets.
Private bug bounty programs allow organizations to harness the power of the Elite Crowd – diversity of skill and perspective at scale – in a more controlled environment. At Bugcrowd, only those researchers who have a proven track record of skill and trustworthiness receive invitations to private programs. Private programs can be scoped or built around a customer’s testing needs and parameters. A private program can also meet requirements around background checking, ID verification or even location.
Bugcrowd provides TaxSlayer with access to Elite whitehat hackers around the world who test the front- and back-end functionality of TaxSlayer’s professional and individual tax preparation products. With help from Bugcrowd, TaxSlayer offers a secure and reliable product for the millions of Americans that use its service.
For TaxSlayer, implementing a bug bounty program with Bugcrowd was a no-brainer, freeing up internal resources and demonstrating a return on investment immediately.
“The vulnerability information we receive from the program has proven to be a valuable tool in training our internal employees on what to look for, and how to use the tools associated with doing application security testing.”
Michael Blache, CISO
Prior to running a bug bounty program with Bugcrowd, TaxSlayer lacked visibility. While they were using a variety of application security testing solutions, they worried vulnerabilities were falling through the cracks. Implementing a bug bounty program with Bugcrowd provided the visibility TaxSlayer needed to quickly find critical vulnerabilities.
TaxSlayer not only uses the vulnerability information to remediate vulnerabilities; the company has also used it as a training tool for the security and development teams. Bugcrowd hackers provide a lot of detail about how to replicate the bugs, and the remediation steps and resources include details on how to avoid the vulnerability in the future. TaxSlayer uses this information to train their internal teams.
Bugcrowd simplifies and streamlines vulnerability disclosure and remediation. With the largest, most experienced team for managed crowdsourced security programs, Bugcrowd has 4x more experience managing bug bounty programs than the competitor.