Should You Consider Crowdsourcing Your Security Testing?

Crowdsourcing has become popular in recent years as sites such as Kickstarter and GoFundMe have taken off and fueled huge campaigns like the one for the Pebble smartwatch. A 2015 report from Massolution estimated that the global crowdsourcing market grew an astounding 167 percent in 2014, topping $16 billion raised. More growth is expected throughout this year: The final haul for 2015 could be in the neighborhood of $34 billion.

Everyone knows that crowdsourcing is a viable option for raising money for projects like new product development, but can it be leveraged for security testing, too? Vetting apps for bugs has only become more important as mobile platforms have expanded, businesses have transitioned to cloud-based software and threats have become more sophisticated. Crowdsourcing can provide strength in numbers within a challenging environment.

How Crowdsourcing Could Be One Component of a Broader Test Management Strategy

For security testing purposes, the crowdsourcing approach may be known as a bug bounty program. Many companies, from Pinterest to United Airlines, have instituted such initiatives to leverage the expertise of the white hat community while freeing up time for their own testers to tackle other issues.

Pinterest, for instance, has offered $200 for each bug discovered in its applications and submitted to Bugcrowd. Its security lead has justified the program as a response to "bandwidth constraints" among his team, and he is hardly alone in tapping the wisdom of the (security) crowd to stay ahead of exploits.

"The problem is that the good guys - the white hats - are outnumbered, and more and more vulnerabilities are appearing every day," explained Erin Richey of CenturyLink in an article for Forbes. "Stepping in to help keep the peace are bug bounty programs, which in turn are being bolstered by the cloud."

Other incentives offered by bug bounty programs have included free flights from United Airlines for finding faults within its apps, websites and service portals. And, as Richey noted, cloud-based communication and collaboration tools have made crowdsourced security testing as a whole increasingly feasible.

Enterprises often take pragmatic approaches to software testing designed for their particular organizational structures, apps and requirements. Crowdsourcing could complement firms that have only a handful of employees and/or remote workers.

At the same time, companies will also look to utilize enterprise test management software to streamline their security testing across numerous projects. Moreover, test management tools enable the high level of collaboration and JIRA integration that organizations now expect as they set up modern application testing environments.