I'm co-founder of CrowdCurity, a Danish startup that offers Crowdsourced security test to companies with web applications. The idea in short, is that businesses via our platform invites security testers from all over the world to test their website, if they identify a vulnerability the business pays a reward – if no vulnerabilities are found no reward are paid and there are no costs for the business. On our website www.crowdcurity.com you can see the platform and learn more about the concept. We have already had some programs running and we are very impressed about what the security testers can find and our customers are very happy and all say they have gotten a lot of value from it.
A few years back, a blog written by hackers emerged on the Romanian market. Back then, I was working as a web developer for the biggest jobs site on our market (>3M revenue).
One morning, we got an email from the guy who started the hacker blog. It was a simple SQL injection that revealed a lot of sensitive data like user emails and contact data. We were instructed to fix this in 24 hours or he would go public and expose our error to the public. Nice guy, he gave us the benefit of the doubt. If we were a serious business, interested in the security of our users' data, we'd jump and fix things. If not, we deserved to be exposed.
We spent the entire day going through every single script on the site and tried to secure everything we could think of. The coding had been done years before by a different team and we found a lot of security holes.
The second day I went to my boss and told him the only way we're going to get them all is to hire the hackers to mess us up as badly as they could.
It was a win-win for everybody.
So, what I'd suggest is this:
1. Don't target startups. They have so many on their plate and so little resources, a small-to-medium security flaw won't be a huge priority. Making payday and turning a profit is top on their list.
2.Target companies with a lot to lose due to security. Go for the big guys.
3. Find one error, report it to the highest management level you can find contact details for, explain the risks and pitch your service.
I'm currently running a SaaS where data security matters. We already did a crowdsourced vulnerability test and it was a pain to set up. I'm really happy to have found out about you guys!
If you'd like to brainstorm a few more sales ideas, let me know, give me a few days to do some research and book a call.
Either way, let's keep in touch!
Matt
Answered 11 years ago
Access 20,000+ Startup Experts, 650+ masterclass videos, 1,000+ in-depth guides, and all the software tools you need to launch and grow quickly.
Already a member? Sign in