Qualys and Bugcrowd have announced joint development integrations to enable customers the ability to share vulnerability data across automated web application scanning and crowdsourced bug bounty programs.
To reduce the increasing costs and effort of
implementing multiple tools or programs, this joint integration between Bugcrowd
Crowdcontrol and Qualys cloud platform brings together the scale and efficiency
of automated web application scanning (WAS) with the expertise of the penetration-testing
crowd in one solution.
Joint customers will be able to eliminate
automatically discovered vulnerabilities by Qualys WAS from their list of
offered bug bounties and focus Bugcrowd programs on critical vulnerabilities
that require manual testing, effectively reducing the cost of vulnerability
discovery and penetration testing.
The initial integration allows Bugcrowd customers who also have Qualys WAS to import vulnerability data from Qualys WAS results directly into the Bugcrowd Crowdcontrol platform and then use that data to optimise their bug bounty program scope and incentives.
"With the move of IT to the cloud and all the
digital transformation efforts underway, web apps are exploding and securing
these apps is now front and center," said Sumedh Thakar, chief product officer,
Qualys. "By combining the automation of Qualys Web Application Scanning
(WAS) and Bugcrowd's crowd sourcing platform, organizations can now cover a
much larger number of applications and secure them more effectively at a lower
"The pace and complexity of modern application deployment requires organizations to harness both automation and on-demand crowd testing. This integration allows our customers to gain the benefits of both," added Jonathan Cran, vice president of Product, Bugcrowd. "The integration of Bugcrowd and Qualys data means that this new approach will be easier and lower cost."