The Cybersecurity and Infrastructure Security Agency (CISA), a federal agency of the US government, has selected Paladin portfolio company Bugcrowd to launch its first federal civilian enterprise-wide crowdsourced vulnerability disclosure policy (VDP) platform in support of Binding Operational Directive (BOD) 20-01.

CISA, through the Cybersecurity Quality Services Management Office, is partnering with Bugcrowd – the leader in crowdsourced cybersecurity, and EnDyna – a government contractor that provides technology-based solutions. CISA will offer this VDP platform service to Federal Civilian Executive Branch (FCEB) agencies which will set a new precedent for federal civilian enterprise-wide security. FCEB agencies will now be able to coordinate with the civilian hacker community. The VDP platform enables agencies to identify and monitor vulnerabilities in critical systems, by receiving security feedback from uniquely-skilled ethical hackers around the world.

CISA’s BOD 20-01, which requires all FCEB agencies to develop and publish a VDP, has opened the door for federal agencies to work with Bugcrowd’s proven crowdsourced cybersecurity platform. This will give agencies access to the same commercial technologies, world-class expertise, and global community of helpful ethical hackers currently used to identify security gaps for enterprise businesses. Partnering with Bugcrowd, EnDyna is awarded a one-year contract with four option years which will provide a key Software as a service (SaaS) component to CISA’s VDP platform.

Bugcrowd’s unmatched triage and community management services deliver an industry-leading 96% signal-to-noise ratio and its unique CrowdControl™ Platform provides contextual vulnerability intelligence and management to reduce risk faster and drive better decisions. In addition to the CISA-funded VDP platform service, FCEB agencies can also accelerate digital transformation strategies and implement their own bug bounty programs from Bugcrowd and EnDyna, enabling them to ensure that security assessments become part of their software development lifecycle (SDLC), also commonly called as “Shifting Left.”

“As seen in the commercial and defense sectors, crowdsourced cybersecurity and vulnerability disclosure programs are a critical safeguard in helping reduce the risk of breach,” said Ashish Gupta, CEO and President of Bugcrowd. “The need for cyber resilience and risk management is unprecedented in today’s digitally connected world and the partnership between CISA and Bugcrowd provides the most powerful crowdsourced cybersecurity platform solution to address the government’s growing need for contextually intelligent security assessments to protect its vast attack surface. We are honored to be the first crowdsourced cybersecurity vendor to work with CISA on an FCEB-wide proactive defense strategy through our VDP solution.”

For more information on Bugcrowd’s VDP solution and the Bugcrowd platform, please visit

“Bugcrowd,” “CrowdControl” and “Force Multiplier” are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies.


About Paladin Capital Group

Paladin Capital Group was founded in 2001 and has offices in Washington DC, New York, London, Luxembourg, and Silicon Valley. As a multi-stage investor, Paladin focuses on companies with technologies, products, and services that meet the challenging global cyber security and digital infrastructure resilience needs for commercial and government customers. Follow the firm on Twitter @Paladincap and visit