Case Study: The Office of the Minnesota Secretary of State reduces risk and uncovers high-impact vulnerabilities with Bugcrowd's Vulnerability Disclosure Program

The Office of the Minnesota Secretary of State takes a proactive approach to security

The Office of the Minnesota Secretary of State, a statewide government agency serving voters, candidates and businesses, needed to protect large volumes of confidential information and wanted a proactive, innovative approach to reducing cyber risk. Facing its first vulnerability disclosure program (VDP), the office evaluated working with ethical hackers to supplement its security posture and demonstrate a visible commitment to protecting constituents’ data.

The office partnered with Bugcrowd to launch a VDP, tapping the hacker community for real-world testing and long-term program support. As a result it uncovered hidden, high-impact vulnerabilities, reduced noise from false positives, improved its security reputation, built productive relationships with researchers, established a clear public reporting process, and achieved rapid triage (average 1.8 days), with plans to expand the program.

The Office of the Minnesota Secretary of State

Dan Auger

Enterprise Architect