I'm co-founder of CrowdCurity, a Danish startup that offers Crowdsourced security test to companies with web applications. The idea in short, is that businesses via our platform invites security testers from all over the world to test their website, if they identify a vulnerability the business pays a reward – if no vulnerabilities are found no reward are paid and there are no costs for the business.
On our website www.crowdcurity.com you can see the platform and learn more about the concept.
We have already had some programs running and we are very impressed about what the security testers can find and our customers are very happy and all say they have gotten a lot of value from it.
I like the idea and think - executed correctly - it could be big. BUT, I think the approach you take has got to be very careful otherwise you create a brand impression that makes you far less attractive to potential customers.
No one wants to admit that there is even a potential for security breaches in their site so despite the significant value your service potentially provides, there are a lot of hurdles to a sale here.
I would caution against approaching companies with a flaw discovered as a selling point. It had potential to create the wrong perception and it would involve cost to your community without guaranteed payout.
I would also consider broadening the service to in-depth technical testing. UserTest (IMO) doesn't deliver on real QA needs so making security vulnerabilities part of the service might be better for everyone.
I'm sure in a call for 30 minutes or less, I could give you some very specific tactical advice that would increase your initial success.
Either way, best of luck!
