Cobalt Labs Raises $1.5M for Crowdsourced Penetration Testing
Crowdsourced bug bounties are common, but startup Cobalt Labs is now crowdsourcing penetration testing as well.Cobalt Labs is aiming to grow its crowdsourced approach to security testing with a new round of seed funding, announced Aug. 17. The $1.5 million seed round was led by eLab Ventures and included the participation of Tim Draper with Draper Associates. Cobalt Labs has raised a total of $2.5 million since its launch in 2013, initially as a crowdsourced bug bounty program platform. Although crowdsourced bug bounty programs are still part of the Cobalt Labs platform, the overall idea has now evolved to become a crowdsourced security service, including penetration testing. "Cobalt Labs is in the space of crowdsourced application security,"Jacob Hansen, co-founder and CEO of Cobalt Labs, told eWEEK. The basic idea behind the crowdsourced model is that skilled professionals join the Cobalt Labs platform and participate in various security engagements. As such, Cobalt Labs doesn't directly employ the security talent but helps make it available to organizations. Hansen noted that while the company first started out exclusively in the bug bounty space, 75 percent of the company's revenues currently come from crowdsourced penetration testing.
The idea of running a bug bounty program is not uncommon, and there are multiple companies in the space, including HackerOne and Bugcrowd. Running crowdsourced penetration testing is somewhat of a more novel approach that Cobalt Labs came to after multiple customer engagements for bug bounty programs. With a bug bounty, a company offers a reward (the bounty) to a researcher for finding a vulnerability. In contrast, with a penetration test, researchers actively probe an organization and its applications, and look for security vulnerabilities, misconfigurations and weaknesses.