Case Study: Twilio achieves stronger product security through crowdsourced bug bounties with Bugcrowd

How Twilio Has Successfuly Harnessed the Power of the Crowd for Years

Twilio, the San Francisco–based cloud communications company, needed a scalable way to strengthen product security and focus resources on the highest-risk areas. Although they had strong internal security practices, they wanted broader testing coverage and outside perspectives to uncover additional vulnerabilities and refine their security priorities.

They partnered with Bugcrowd using a “crawl, walk, run” bug bounty approach—starting private, then moving public and increasing rewards—to engage a global researcher community. The program generated 1,200+ submissions from 500+ researchers across 64 countries, paid out $50K (with rewards up to $5,000), and produced an average priority score of 3.28. This crowdsourced layer found high-value issues, improved ROI, and freed Twilio’s security team to focus on other priorities while maintaining strong researcher relationships.

Twilio

Coleen Coolidge

Sr. Director, Information Security