Case Study: Schoology achieves stronger student and teacher data security with Bugcrowd

Bugcrowd Helps Schoology Keep Students' and Teachers’ Data Safe

Schoology, a leading K–12 learning management and assessment platform used by millions, must protect sensitive student, teacher, parent, and administrative data as classrooms become increasingly digital. Although security has been part of Schoology’s DNA, the evolving threat landscape and a growing attack surface in education pushed the company to seek more adaptive, continuous testing beyond internal efforts.

In 2015 Schoology partnered with Bugcrowd to run a private bug bounty and Vulnerability Disclosure Program, then refined the program with rotated researchers, focused scopes, comprehensive onboarding, and expert triage. The effort produced 132 rewarded vulnerabilities ($34,900 paid), a triage-to-resolution acceptance rate above 92%, stronger security processes, better alignment of testing with development cycles, and greater confidence in releases and ongoing ROI.

Schoology

Alberto Silveira

VP of Software Engineering