Contact Us

Case Studies

Vex challenged Cybozu's security project, the Cybozu Bug Bounty Program, and received high marks for uncovering several vulnerabilities. This led to the decision to adopt Vex.

Cybozu, Inc.

Cloud services

The adopted service

Web application vulnerability scanner Vex

Introduction of company

Cybozu focuses on cloud-based groupware and business improvement applications to support "teams delivering results" around the world. A diverse range of teams are currently using the products and services, from small projects such as students, NPOs, and home healthcare group to large corporations with global offices. In addition, the company launched the Cybozu Corporation CSIRT (abbreviated Cy-SIRT) to engage in the prevention of incidents, early detection, early resolution, and minimization of damage in cooperation with external organizations and experts. The assurance group of Quality Assurance Department Global Development Division organized a meeting body that examines all IT security policies within the organization. The group also supports the Cy-SIRT operation and manages the bug bounty programs.

case-img07-2

Quality Assurance Department Global Development Division
General Manager

Yoichi Akeo

case-img07-3

Quality Assurance Department Global Development Division
Cy-SIRT

Akitsugu Ito

* Department, title, etc. are those at the time of the interview.

Challenges

  • Auto-scan tools was adopted once, but they did not achieve a satisfactory level of quality in the scan results.
  • They often skipped the scanning for some vulnerabilities considered to have little impact on the application since they usually scan each of them by hand, consuming a lot of time and effort.

Benefits

  • Vex enabled them to detect vulnerabilities previously undetectable with the previous scan methods.
  • Vex’s ability to automatically select appropriate payloads helped all engineers perform verification at a certain level of quality without relying on their own technical skills.
  • Vex allowed them to easily share information and integrate scan data, thereby facilitating seamless communication between hubs regarding such as reviews or questions about scan data, etc.

Cybozu, Inc.