In 2011, Patrick Webster, a security researcher, notified an Australian pension fund manager of a glaring flaw in its website that allowed him to access people’s personal information. The firm, First State Superannuation, returned the favor by sending the police to his home and threatening to sue him.
The incident was a disaster—a masterclass in how not to treat vulnerability researchers. First State Super eventually backed down and thanked Webster, but not before catching considerable flak for its handling of the affair.
Now First State Super has signed on as an investor in Bugcrowd, a San Francisco-based startup that runs bug bounty programs for businesses. The new round of fundraising, led by venture capital firm Triangle Peak Partners, is worth $26 million.