Case Study: Western Union achieves stronger application security and compliance with Bugcrowd

Bugcrowd Enters Financial Sector, Announces Managed Bug Bounty Program for Western Union

Western Union, a long-standing U.S. financial institution operating in 144 countries and moving millions of dollars daily, faced the challenge of protecting a complex, highly connected set of web properties while finding critical vulnerabilities faster and more efficiently amid limited internal resources and growing threat sophistication.

To address this, Western Union partnered with Bugcrowd, launching a private bug bounty in 2014 and expanding to a public program in 2015. The crowdsourced program and Bugcrowd’s triage services produced 2,000+ submissions from 600+ researchers, yielding 800+ valid bugs (80+ critical), reduced false positives and noise, and enabled quicker fixes—strengthening customer protection and scaling their application security testing.

Western Union

David Levin

Director, Information Security