Joint customers can automate web app scanning and focus bug bounties on advanced vulnerabilities, helping them increase breadth
of security testing and reduce cost
SAN FRANCISCO, CA--(Marketwired - Feb 13, 2017) - RSA Conference USA 2017, Booth #N3817 -- Qualys,
Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions and Bugcrowd,
the leader in crowdsourced security testing, today announced joint development integrations allowing joint customers a unique
ability to share vulnerability data across automated web application scanning and crowdsourced bug bounty programs.
Many organizations' security strategies have changed to a proactive approach, which includes both automation and human
expertise to discover vulnerabilities. To reduce the escalating cost and effort of implementing multiple tools or programs, this
joint integration between Bugcrowd Crowdcontrol and Qualys Cloud Platform brings together the scale and efficiency of automated
web application scanning (WAS) with the expertise of the penetration-testing crowd in one simple solution. Joint customers will
be able to eliminate automatically discovered vulnerabilities by Qualys WAS from their list of offered bug bounties and focus
Bugcrowd programs on critical vulnerabilities that require manual testing, effectively reducing the cost of vulnerability
discovery and penetration testing.
The initial integration allows Bugcrowd customers who also have Qualys WAS to import vulnerability data from Qualys WAS
results directly into the Bugcrowd Crowdcontrol platform and then use that data to optimize their bug bounty program scope and
incentives. Further integration with the Qualys Cloud Platform will allow joint customers running a bug bounty platform on
Bugcrowd to import unique vulnerabilities from Crowdcontrol into Qualys WAS and have the ability to apply one-click patches using
the fully integrated Qualys Web Application Firewall (WAF).
"With the move of IT to the cloud and all the digital transformation efforts underway, web apps are exploding and securing
these apps is now front and center," said Sumedh Thakar, Chief Product Officer, Qualys. "By combining the automation of Qualys
Web Application Scanning (WAS) and Bugcrowd's crowd sourcing platform, organizations can now cover a much larger number of
applications and secure them more effectively at a lower cost."
"The pace and complexity of modern application deployment requires organizations to harness both automation and on-demand
crowd testing. This integration allows our customers to gain the benefits of both," said Jonathan Cran, Vice President of
Product, Bugcrowd. "The integration of Bugcrowd and Qualys data means that this new approach will be easier and lower cost."
The integration of Qualys WAS vulnerability data within Crowdcontrol will be available to joint customers in March, followed
by the integration of Bugcrowd data into Qualys WAS and WAF in Q2 2017.
Additional Resources:
About Bugcrowd
The pioneer and innovator in crowdsourced security testing for the enterprise, Bugcrowd harnesses the power of more
than 45,000 security researchers to surface critical software vulnerabilities and level the playing field in cybersecurity.
Bugcrowd also provides a range of responsible disclosure and managed service options that allow companies to commission a
customized security testing program that fits their specific requirements. Bugcrowd's proprietary vulnerability disclosure
platform is deployed by Tesla Motors, Fiat-Chrysler, The Western Union Company, Pinterest, Barracuda Networks and Jet.com. Based
in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally
Ventures and Salesforce Ventures. Bugcrowd is a trademark of Bugcrowd, Inc. Learn more at www.bugcrowd.com.
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with
over 9,300 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The
Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of
compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and
protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading
managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom,
Fujitsu, HCL Technologies, HP Enterprise, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company
is also a founding member of the Cloud Security Alliance (CSA). For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be
trademarks of their respective companies.