Frequently Asked Questions
Big companies such as Google and Meta use bug bounty programs to ensure their systems are secure. In a bug bounty program, companies offer compensation to individuals who report bugs in their systems.
A bug bounty program is not a replacement for a pen-test, and vice versa. Even the best security experts can miss bugs. Even if we assume your platform is 100% secure today, we can’t assume that it always will be. New features, new updates and new discoveries can all introduce new vulnerabilities and weaknesses. Having a bug bounty program ensures your platform is always being tested and free of bugs.
All you have to do is have a page on your website to detail the program! The tricky part is reaching ethical hackers that are willing to test the security of your platform. Another challenge companies usually face is validating the submitted reports. You can easily overcome both of these challenges using Bug-Bounty.com.
We will walk you through each step of creating a bug bounty program and we’ll manage it for you! Our team will work with you to create a bug bounty program that meets your requirements, list it on bug-bounty.com and validate all submitted reports. We will only forward the valid reports to you, saving you both time and money!
Bug-Bounty.com is a sister company of zSecurity, and we have a very large ethical hacking community. Your program will therefore be tested by a large number of highly skilled ethical hackers, which is another advantage over listing your program on your own website.
Just leave that to us! Our team will review submitted reports, communicate with the researchers and only forward valid reports to you.
No. Your website is publicly accessible, and for all you know black-hat hackers might be trying to hack it right now as you’re reading this. Posting a bug bounty program helps you ensure your website is secure, as it invites ethical hackers to test the security of your platform and incentivizes them to report their discoveries with the rewards you choose. Ultimately, this helps you fight black-hat hackers and patch any vulnerabilities they might use to compromise your platform.
The cost depends on the size of your platform and the rewards you choose to give for discovered bugs. Contact us now for a quote.
That depends on the program itself. Make sure you read it carefully and only look for bugs within the specified scope.
Your report will not be shared with the program publisher unless they award you the bounty we think is appropriate.
Reading the program description should give you a rough idea. Our team reviews submitted bugs and decides on a fair bounty based on program details.
We review submitted reports within 48 hours of the time of submission (excluding weekends and national holidays).
If it’s valid, the status will change to “valid (pending payment)”.
We’ll contact the company and give them enough information to help them understand the bug severity without giving too many details about the bug itself. We’ll also suggest a fair bounty.
The status will change to paid when the company pays the bounty.
The company will get full access to the report at this stage.
You can view your submission and track all of this from Reports on your dashboard page.