Case Study: Instructure uncovers more critical vulnerabilities and modernizes annual security audits with Bugcrowd

Instructure - Customer Case Study

Instructure, the maker of the Canvas learning management system, historically published an annual security survey based on traditional penetration testing but found those engagements predictable and limited in scope. Seeking greater transparency and deeper, more actionable results to protect student data and curriculum content, Instructure replaced its legacy pen tests with a new approach in 2014.

Using Bugcrowd’s On‑demand Private Bug Bounty and Crowdcontrol platform, Instructure engaged a curated global pool of researchers whose creativity and broad expertise uncovered substantially more critical issues — including a reported 5× increase in findings — across new areas of the application. Bugcrowd managed submissions, validation, prioritization and reporting, which improved collaboration with engineering, sped remediation via Jira-ready reports, delivered clear ROI, and led Instructure to expand ongoing bug bounty programs.

Instructure

Wade Billings

Senior Director of Global IT Services