Case Study: Okta achieves augmented internal testing and exceptional security ROI with Bugcrowd

A Bugcrowd Case Study

Preview of the Okta Case Study

How Okta’s Bug Bounty Program Augments Internal Testing and Delivers Incredible ROI

Okta, a leading provider of enterprise identity solutions, needed to scale and augment its internal security testing to improve coverage across the software development lifecycle and optimize limited internal resources. In early 2015, Okta partnered with Bugcrowd to launch a private bug bounty program that invited top researchers to complement its internal attack team and surface high-value vulnerabilities.

Bugcrowd supplied triage and program management and brought in hundreds of vetted researchers, delivering continuous, early-stage testing and ready-to-fix findings that reduced the load on internal teams. The program produced strong throughput (220+ researchers, ~3,500 total testing hours, 15-hour average per researcher) and proved more cost-effective than other testing methods, improving security ROI. Okta later expanded the program publicly to broaden researcher coverage (rewards up to $15,000).



Okta

David Baker

CSO

