

Casey Ellis, Founder of Bugcrowd: When Known Vulnerabilities are Life or Death
Aug 13, 2025
43:49
Casey Ellis is the founder of Bugcrowd, the first open marketplace for vulnerability disclosure and commercial bug bounties. On today’s episode, Jon Sakoda speaks with Casey about the early economics of paying people to hack companies, why ethical hackers are an amazing source of criminal creativity, and why every founder needs to ultimately fix their known vulnerabilities:
- Why the Economics of Bug Bounties are 20x the Status Quo [11:23-14:42] - Casey had access to talent around the world and saw a huge opportunity to empower the best and brightest hackers to be paid for finding vulnerabilities. This was a 20x improvement on traditional pen testing and opened the floodgates on bringing traditional hacking out of the dark and into the light.
- How the Best Hackers and Companies Find Success Together [15:04-24:30] - Bugcrowd attracted some of the best hackers onto its platform early on, but ultimately needed to teach companies how to engage. Setting the right reward incentives, choosing the right targets, and offering responsive feedback were key to getting the right level of engagement on the marketplace in the early innings. Now, most high-value tech companies have successful programs.
- Why Prioritizing Health Fixes is Life or Death [32:45-39:18] - Like many founders, Casey prioritized his startup ahead of other important health issues, which ultimately led to a cardiac emergency requiring open-heart surgery. He is now back in action but has an important lesson to share with founders on taking care of your known vulnerabilities and investing in proactive and preventative care in advance of real issues.