A bug bounty is a program where a company provides a monetary reward to an independent security hacker who reports a bug or a security vulnerability. Rewards can vary from hundreds to thousands of dollars depending on the impact and severity of the vulnerability.
We believe that a crowdsourced approach to security is the natural evolution of traditional penetration testing. For many organizations, running a variety of vulnerability scanners and penetration tests is the only solution for cybersecurity. It’s also no secret that, no matter how advanced, automation only goes so far: it finds only what it knows.
Private programs are fully confidential and are available only to a selected number of hackers. They offer our clients the opportunity to tap into the power of crowdsourced security testing – a vast number of testers with rich skill sets and perspectives for focused testing in an invite-only program.
The reported bug must be recognized by the company as a valid, unique bug within the program scope, which can be reproduced and verified by the company.