Facebook, Google, and the other big tech companies all have massive amounts of code, and regardless of how much effort they put into security, some bugs are going to be discovered by hackers and security analysts. Some of these attacks have some value on the black market, so to provide a better incentive with what to do with these exploits, these large companies usually have some sort of payment program where they pay some sort of bounty to get first access so they can patch it up.
These types of programs were in the tech news just recently when a young Palestinian hacker submitted an exploit to Facebook, whose security team dismissed the bug. For better or worse, the hacker then posted a message on Facebook CEO Mark Zuckerber's Facebook page from the billionaire's profile, basically saying, "sorry for breaking your privacy, but this bug exists". Facebook again refuses to compensate him for breaking the conditions of the bug bounty program, but we'll let them figure that out.
Like what these bigger companies are doing on their own platforms, Danish startup CrowdCurity is looking to take this same sort of bug bounty idea and bring it to smaller online startups that face the same risks.
"Basically we're doing crowdsourced vulnerability testing for small businesses and products. We want to take that and deliver that same concept to small businesses," says Christian Hansen, co-founder of Crowdcurity, who spoke to us with his brother Jacob as they worked from a Buenos Aires co-working space.
The idea is somewhat similar to the type of crowdsourcing platform that 99designs applied to the graphic design industry. By getting lots of eyeballs on a problem, you can hypothetically find more, or better solutions.
If there are no bugs found, the startups will not need to pay anything to run the tests. But if there are valid issues, then businesses will pay some upfront-decided fee, of which Crowdcurity will take a cut.
Jacob Hansen points out that their solution is not going to replace a deep, professional security check, but it can be a good cost-effective way to remove the low-hanging fruits from your startup.
The platform is launching in a few weeks time, and in the beginning they're targeting scandinavian startup companies. At pre-launch they say they have over 100 security testers signed up.
CrowdCurity may not be the perfect security testing solution for any-stage startup, but at the very least it will get people thinking about how secure their services actually are, and might get developers to doublecheck that they have all the XSS and SQL injection holes patched up before they submit it to CrowdCurity. What do you think about the platform. Would you use it? Let us know in the comments.