Crawl, Walk, Run: How Twilio Has Successfully Harnessed the Power of the Crowd for Years

Download Case Study
Products

Bug Bounty Program

Industry

Technology

  • Solution

    Twilio started with a private bug bounty program and moved to a public bug bounty program.

  • Outcomes

    • Crowdsourced testing has improved upon their existing Product Security initiatives, finding additional unknown and high-value vulnerabilities and an incredible return on investment.
    • The additional layer of triage and validation provided by Bugcrowd has allowed them to increase their vulnerability finding capabilities while freeing up resources and allowing their security team to focus on other areas of the business.

Improving Product Security with the Crowd

Twilio, the cloud communications company out of San Francisco, CA, is an early adopter and innovator in the cybersecurity domain. Although they have consistently prioritized Product Security, they wanted to concentrate their efforts on the areas of greatest risk. To help augment their internal and external testing efforts, they turned to the crowd to start uncovering more vulnerabilities and learn from those findings.

Crawl, Walk, Run Approach


Not only have they leveraged the global crowd of independent security researchers through Bugcrowd for over two years, but they have utilized the model in a variety of ways and have benefited from their consistent engagement.

Working Closely With The Crowd

Through their private and public bug bounty program, they have strengthened their relationship with the researcher community and received steady contributions with many top researchers. This collaboration has been successful, as proof of the depth and breadth of their results and strong engagement across the researcher community.

This is one of the most important aspects of their bounty program, and their commitment to maintaining a healthy relationship with researchers has been noticed. At left are two top contributors on why they appreciate the Twilio program

By adding the power of the talented researcher community to our Product Security program, we’ve learned a lot about how people outside the company think about our products, additional scenarios where products can be at risk and what else we could do to protect our products. We’ve used this information to put a sharper focus on the areas of greatest risk, which has been invaluable to us as we scale.

Coleen Coolidge, Senior Director, Information Security

Key Learnings

In addition to receiving high-quality results through their bug bounty program, Twilio has learned a lot from working with the security researcher community.

With Bugcrowd’s support, their bounty program has helped them meet their overall Product Security needs and goals:

  • Crowdsourced testing has improved upon their existing Product Security initiatives, finding additional unknown and high-value vulnerabilities and an incredible return on investment.
  • The additional layer of triage and validation provided by Bugcrowd has allowed them to increase their vulnerability finding capabilities while freeing up resources and allowing their security team to focus on other areas of the business.

Their success is indicative of their commitment to Product Security, and they will continue to evolve and maintain their bug bounty program.

Subscribe for updates

Read more customer case studies

Aruba Networks

After evaluating their current testing capabilities and organizational goals, Aruba decided to harness the collective power of human intelligence through...

Read More

TX Group

TX Group AG is a media company headquartered in Switzerland. Through a portfolio of daily and weekly newspapers, magazines and...

Read More

Atlassian

Collaboration is central to Atlassian’s mission, as evidenced by products like the Atlassian Marketplace. This platform connects external developers with...

Read More

Get Started with Bugcrowd

Hackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture.

Try Bugcrowd Contact Us