In a bug bounty program, an organization’s services are published for hackers to search for vulnerabilities and bugs. Hackers are paid rewards based on the severity of the findings. The accuracy of the reported findings is verified and the severity is assessed before the bounties are paid.
In our bug bounty service, the customer only needs to specify the relevant services because the operation of the program is entirely outsourced to us.
Our service includes the following:
- Creating program rules according to customer needs
- Program platform selection
- Inviting hackers to the program
- Verification of findings
- Checking for duplicate findings
- Payment of the bounties to hackers
- Status meetings to monitor the progress of the program
The bug bounty program is a good supplement to traditional information security testing due to its different nature. Hackers have more time at their disposal because the program is not a scheduled project, and more hackers analyze the service. Programs also typically publish production environments, while security testing is usually carried out in test environments. The program can also be built freely based on the client’s wishes.
Outsourcing a bug bounty program is an easy way for a company or an organization to supplement and support a comprehensive testing strategy and application development process.