Federacy, a member of the Y Combinator Summer 2018 class, has a mission to make bug bounty programs available to even the smallest startup.
Traditionally, bug bounty programs from players like BugCrowd and HackerOne have been geared toward larger organizations. While these certainly have their place, founders William and James Sulinski, who happen to be twins, felt there was a gap in the marketplace, where smaller organizations were being left out of what they considered to be a crucial service. They wanted to make bug bounty programs and the ability to connect without outside researchers much more accessible, and so they built Federacy.
“We think that we can make the biggest impact by making the platform free to set up and incredibly simple for a even the most resource-strapped startup to extract value. In doing so, we want to expand bug bounties from probably a few hundred companies currently –across BugCrowd, HackerOne, etc. — to a million or more in the long run,” William Sulinski told TechCrunch.
That’s an ambitious long-term goal, but for now, they are just getting started. In fact, the brothers only began building the platform when they arrived at Y Combinator a couple of months ago. Once they built a working product, they started by testing it on the members of their cohort, using knowledgeable friends as security researchers.
They made the service public for the first time just last week on Hacker News and report over 120 sign-ups already. Their goal is 1000 sign-ups by year end, which William claims would make them the largest bug bounty platform by count out there.
For now, they are vetting every researcher they bring on the platform. While they realize this approach probably won’t be sustainable forever, they want to control access at least for the early days while they build the platform. They plan to be especially attentive to the researchers, recognizing the value they bring to the ecosystem.
“It’s really important to treat researchers with respect and be attentive. These people are incredibly smart and valuable and are often not treated well. A big thing is just being responsive when they have a report,” Sulinski explained.
As for the future, the brothers hope to keep building out the program and developing the platform. One idea they have is getting a fee should a client build a relationship with a particular researcher, and want to contract with that individual. They also plan to take a small percentage of each bounty for revenue.
Unlike more typical YC participants, the brothers are a bit older, in their mid-thirties with more than 20 years of professional experience under their belts. Brother James was director of engineering at MoPub, a mobile ad platform that Twitter acquired for $350 million in 2013. Earlier he helped build infrastructure for drop.io, a file sharing site that Facebook acquired in 2010. As for William, he was CEO of AccelGolf and Pistol Lake, and founding member and project lead at Shareaholic.
In spite of their broad experience, the brothers have valued the practical advice Y Combinator has provided for them and found the overall atmosphere inspiring. “It’s hard not to be in awe of the incredible things that people have built in this program,” William said.
from TechCrunch https://ift.tt/2nrbTkz