Qualys (NASDAQ:QLYS), a pioneer and leading provider of cloud-based security and compliance solutions and Bugcrowd, the leader in crowdsourced security testing, announced joint development integrations allowing joint customers a unique ability to share vulnerability data across automated web application scanning and crowdsourced bug bounty programs. Many organizations’ security strategies have changed to a proactive approach, which includes both automation and human expertise to discover vulnerabilities.
As quoted in the press release:
To reduce the escalating cost and effort of implementing multiple tools or programs, this joint integration between Bugcrowd Crowdcontrol and Qualys Cloud Platform brings together the scale and efficiency of automated web application scanning (WAS) with the expertise of the penetration-testing crowd in one simple solution. Joint customers will be able to eliminate automatically discovered vulnerabilities by Qualys WAS from their list of offered bug bounties and focus Bugcrowd programs on critical vulnerabilities that require manual testing, effectively reducing the cost of vulnerability discovery and penetration testing.
The initial integration allows Bugcrowd customers who also have Qualys WAS to import vulnerability data from Qualys WAS results directly into the Bugcrowd Crowdcontrol platform and then use that data to optimize their bug bounty program scope and incentives. Further integration with the Qualys Cloud Platform will allow joint customers running a bug bounty platform on Bugcrowd to import unique vulnerabilities from Crowdcontrol into Qualys WAS and have the ability to apply one-click patches using the fully integrated Qualys Web Application Firewall (WAF).