Frequently Asked Questions
your questions, answered

Discover and remediate your security bugs with a flexible bug bounty platform – built for demanding cyber security & engineering teams

A bug bounty is a program that rewards researchers for conducting vulnerability research. The rewards are typically determined based on the severity of the bugs discovered.

Once researchers' submitted bug reports are validated, they receive the corresponding rewards following customer's confirmation.

Bug bounty and vulnerability disclosure programs have been proven to deliver excellent results in finding vulnerabilities. White hat hackers and security researchers are continuously searching for vulnerabilities, whether invited or not. By providing them with a safe harbor to report these vulnerabilities and by rewarding them for doing so, organizations can benefit from continuous testing, while paying only for results. Granting permission for security researcher to test your systems is a quick and cost-effective way to receive more findings.

Vulnerability disclosure programs provide the researchers a safe way to report bugs if they discover outside a defined bounty program. In such case it’s reported over the safe harbor and the company may return with a reward as they seem fit.

Private programs offer organizations the opportunity to utilize the power of our ecosystem for security vulnerability testing –volume of testers, diversity of skill and perspective and a competitive environment. Automated researches find only what it knows, and penetration tests are limited in perspective, in time and effort. Bug bounties are a complementary means for any sophisticated security program.

Public programs are open to all researchers while private programs are limited to vetted researchers. Vetting levels vary to fit the organizations’ risk perspective. Public programs offer the power of a diverse skillset and a more competitive environment.

Companies typically define the bounty scopes around mobile apps, web apps, IoT, cloud services and smart contracts. Researchers are expected to stick with the scope only.

There are various levels of vetting: id check, background check, NDA, face-to-face interviews, legal papers and most importantly being a part of our or a global bounty platform’s leaderboard.

No we dont

Our platform manages payments to researchers who are the first to identify unique vulnerabilities that are in scope of the Bounty Program. Once the validators and clients review and approve the reported bug, system Bugbounter platform takes care of the rest. Sometimes non-monetary forms of rewards may apply, such as gifts and recognitions. 100% of the announced reward is delivered to the researcher.

Typically discovered vulnerabilities are be kept confidential. Clients may choose to allow public disclosure of vulnerabilities but are not compelled to do so.

A bug bounty is a reward-based vulnerability research program. Rewards are usually defined according to the severity of the bugs. Researchers receive the rewards following the validation of their submitted bug reports.ineering teams

Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Free onboarding

Free trial

No fixed payments

Free consulting

You can register on our platform in two steps

Get a guided 30min free tour on our platform