BUG BOUNTY PROGRAM


A Bug Bounty Program is an additional security measure for your organization, with the goal of identifying vulnerabilities before they are exploited. The program allows you to take advantage of the know-how and inventiveness of a community of security experts. The community is invited to analyze a predefined area of your company for vulnerabilities. The discoverer of a vulnerability receives a reward that depends on the criticality of the vulnerability found.

EXPERT INTERVIEW

Is a Bug Bounty Program an option for you?
Read our expert interview with Stefan Schmer, Managing Consultant, usd HeroLab.


BUG BOUNTY PLATFORMS

A Bug Bounty platform provider gives you access to the expertise of its connected community of security experts. The rules are clearly defined, and vulnerability reports are exchanged only via the platform. Bug Bounty programs can also be run without a central platform. In that case, communication and coordination with the security experts are carried out by the company itself.

HOW WE SUPPORT YOU

For the Bug Bounty Program to be effective and free of unnecessary restrictions, it must be tailored to the needs of the company and take organizational structures into account. As a full-service provider, we can assist you with, for example:

• Determining the assessment scope
• Communicating with the community of security experts
• Screening, reviewing and prioritizing incoming vulnerability reports
• Correcting identified vulnerabilities

HOW WE PROCEED

Our approach is individually tailored to your needs and adapted to the project phase. The procedure below should be regarded as an example.