Bug Bounty Service

What is a Bug Bounty?

A bug bounty service is a continuous security test that helps businesses reduce the risk of cyber-attacks, data theft and abuse. The testing is carried out by ethical hackers (security researchers) who receive pre-specified rewards for each valid, reported vulnerability.

Bug bounty programs have a proven track record of harnessing the global security research community to locate critical vulnerabilities so that they can be fixed before attackers exploit them.

A bug bounty service is used alongside traditional, checklist-based penetration tests because it offers access to a diverse skill set, a pay-for-results model, and the potential for ongoing testing. Where a traditional penetration test is often commissioned to satisfy a compliance requirement, a bug bounty pays cash rewards only for the weak points and bugs that researchers actually find and report in the software.


Benefits of Bug Bounty Service

  • A bug bounty service can surface rare or unusual findings that a time-boxed penetration test may miss.
  • Cost control: the client sets the reward amounts and pays only for valid vulnerabilities.
  • Testing by a diverse pool of independent researchers more closely resembles real attacker behaviour than a structured, tightly scoped engagement.
  • Continuous testing: a variety of findings over an extended period rather than a single point-in-time snapshot.
  • Testing can be run against a production environment, a test environment, or both.

Penetration Testing vs Bug Bounty Service

The biggest difference from a penetration test is that a bug bounty service offers continuous security testing at reward levels the client has approved in advance.

Comparison by category (Bug Bounty vs Penetration Test):

Scope
  Bug Bounty: Determined by the extent of the client's interest; typically limited to publicly accessible resources.
  Penetration Test: Conducted to meet the exact needs of a specific client; can include sensitive, authenticated services.

Cost
  Bug Bounty: Somewhat unpredictable; bounties are paid only once a vulnerability has been reported and validated.
  Penetration Test: Predictable and agreed upon during negotiation; varies with the scope of work.

Time
  Bug Bounty: Specified by the client; usually a long-term, continuous test.
  Penetration Test: Predictable and agreed upon during negotiation; varies with the scope of work.

Outputs
  Bug Bounty: An individual vulnerability report for each discovery.
  Penetration Test: A comprehensive report listing vulnerabilities by severity, with remediation guidance and additional recommendations.

Copyright @2021 HTD.RED