I would guess it is precisely because BugCrowd is more expensive. They offer a managed program where BugCrowd's employees validate bug reports for participating companies. Speaking from experience, that process can become very time-consuming.
If I were running a startup or even a moderately-sized company, implementing and managing a bug bounty program internally sounds like a headache, and probably would be put off indefinitely. A managed solution like BugCrowd could definitely fill this void.
infosectosser|12 years ago
EricDeb|12 years ago