Bug Hunt: Bugcrowd Uses Trolley to Make Daily Payments to Ethical Hackers

3 weeks of end-of-year tax work saved annually
countries where recipients are onboarded and ready to pay
reduction in time spent processing payments
Company Info
Software bug research
HQ Location: San Francisco, CA
Customer Since
Bug researchers, freelancers
Payout Countries

Security bugs are almost unavoidable in the swarm of digital interconnectivity. Most businesses lack the focused teams and breadth of experience necessary to find and swat every single digital issue. Luckily, thanks to Bugcrowd, a distributed, international crew of hacker-researchers with diverse backgrounds, experience, and expertise is readily available for hire.

Bugcrowd has helped businesses uncover and remediate software and security vulnerabilities with their unique crowdsourcing model for the past decade. Companies will put up a bounty (a financial reward) to find bugs in their software. Bugcrowd connects these companies with a worldwide team of researchers who search for, identify, and report bugs to collect the bounty.

Bugcrowd’s platform-powered approach to crowdsourced security connects businesses to the right researchers and manages operational details. Bugcrowd has grown steadily since 2012; they have received Series D funding and, to date, have amassed hundreds of thousands of researchers. But the larger Bugcrowd grew, the more cumbersome it became to pay their burgeoning roster of researchers.

“Without Trolley, there would be many more choke points in processing our volume of daily payments without problems. It would require almost double the bandwidth from our teams to keep an eye on payments.”

— Chris Jones, Lead Support Engineer at Bugcrowd

The challenge

Before Abigail Nguy was a product manager at Bugcrowd, she handled researcher payments on their Operations team. “Back then, we made weekly payments with spreadsheets and manual pulls,” she recalls. “Every week, I did a lot of manual work to prep the spreadsheets. Then I handed them off to finance to load into our payment software, NetSuite and PayPal.”

“Before Trolley, reconciling payment issues with finance took me six to eight hours a week, and losing a full workday started to be an issue. And any errors we missed in our manual process cost me a considerable amount of time at the end of the quarter and year.”

- Abigail Nguy, Product Manager, Bugcrowd.

Grant McCracken, VP of operations at Bugcrowd, corroborates this account and estimates that teams spent more than 20 hours per week on payment-related tasks.

There was a lot to be desired in the process. “It was not fun,” Nguy states. “It was cumbersome, and there was double and triple checking to avoid errors.”

While Nguy’s weekly task took her about 30 minutes, there were hours—and at the end of a year or quarter, sometimes weeks—of manual reconciliation.

“We had hundreds of programs running, thousands of researchers, and it was getting difficult to scale the payments,” Nguy recalls. Some bug bounty competitors paid researchers daily, but Bugcrowd’s process made it almost impossible to meet that cadence. Add to that the bank fees and conversion fees that applied to their numerous international researchers, and the process was just too complex.

And when it came to taxes, all Nguy could say was, “Taxes were horrible, and it was challenging for the team. One year, end-of-year taxes took up three weeks of January.”

Nguy and Bugcrowd teams knew: Something had to change.

The solution

Nguy partnered with the engineering and product teams to find a solution, and they landed on Trolley. “It was important for us to partner closely with Trolley to expand our capabilities and make payments a lighter touch,” she says.

“Trolley has helped us reach payments parity with our competition and has even allowed us to create competitive differentiation around what we can offer researchers.”

- Grant McCracken, VP of Operations at Bugcrowd.

Chris Jones, the lead support engineer at Bugcrowd, recalls his experience when Trolley came online: “Once we started using Trolley, it condensed so many manual processes into one portal to facilitate bank transfers and PayPal. We didn’t have to worry that one person from the finance team calling out sick might throw everything into chaos.”

Using Trolley also meant Bugcrowd could pay out researchers every day. “Wire transfers were a nightmare for our researchers before Trolley,” Nguy says. “Our researchers had told us those daily payments and covering conversion fees were important to them.”

After onboarding with Trolley, Bugcrowd now makes payments every day. When researchers reach out to Jones with questions or issues, he has visibility into payments and notifications, so it’s easy to resolve issues.

“I appreciate the Trolley user experience,” Jones shares. “The dashboard is simple and straightforward, so we’re always able to find answers for our researchers quickly.”

The end-of-year tax pressure has also eased significantly since Trolley. “To be able to ensure we’re collecting tax forms, that we’re compliant in storing them, that we have the correct researcher information is a huge relief. We used to have to check all of that manually,” says Nguy.

“Using Trolley has been essential to helping us catch up with competitors and gain a competitive advantage. I shudder at the thought of our processes without Trolley.”

- Abigail Nguy, Product Manager, Bugcrowd.

The results

Where teams used to spend more than 20 hours a week on payments, Trolley has reduced that time by more than 90% to under 10 hours a month with 5x the number of pay runs, a significant boon for Bugcrowd teams. The end-of-year tax process is also markedly faster, easier, and more secure.

“Before Trolley, we had to do manual tax forms for hundreds of researchers. It was difficult, to say the least,” says Jones.

Jones and his teams still review researcher tax forms, but collecting information and ensuring it’s compliant is much easier. Even better, Bugcrowd knows that with Trolley, they are compliant in storing researcher information.

“Trolley has helped us make our clients and researchers happier. Our support team spends less time doing payment runs and supporting payments in general, which creates better morale and reduces the probability of human error.”

— Chris Jones, Lead Support Engineer at Bugcrowd.

Trolley has also helped the business side of Bugcrowd. Paying researchers daily made a positive impact on researcher relations. “A happy researcher is more likely to help create happy clients, so any benefit to researchers also benefits clients,” says McCracken.

The future

Trolley was the catalyst for Bugcrowd to improve its payment offerings within the platform. Knowing Trolley has compliance in order, Bugcrowd has scaled its payments processes and started mapping out new capabilities.

“The Trolley team is so collaborative; it’s my favourite part of working with them. I feel supported, and I know that at the end of the day, Trolley will do whatever they can to help get us where we need to be.”

“Before Trolley, we spent more than 20 hours weekly on payment-related tasks. While we still have to track down recipient information, Trolley has helped us more than halve the hours we spend on payments.”

- Grant McCracken, VP of Operations at Bugcrowd.
