Public: A public program is submitted to the entire research community registered on the platform. Anyone can find and report bugs through our site.
Private: A private program is submitted to a specific number of researchers, chosen by the client, and is not subject to external communication. These usually give a higher reward, and hackers can gain more reputation when participating in such a program.
On-site program: Our most discreet program. The solution is tested at the location of the submitting organization by the selected researchers. This type is recommended for products/systems prior to production or for testing hardware and physical devices.
Your site can be hacked or attacked with malicious intent if you don’t have a bug bounty program. Moreover, in that case you are not aware of how your system was hacked, which vulnerability was exploited, or what data was stolen, and you even have to pay fines if the data breach becomes public. The risk of a public bug bounty program doesn’t differ from the risk of a penetration test.
Every system has its own unique complexity. Each component could have different vulnerabilities; moreover, new weaknesses are announced daily, and malicious hackers can exploit them after a couple of days. It is better to prevent this, and we proactively want to discover and fix these bugs. This way our firm can be more secure and can avoid fines and reputational damage.
You can expect continuous testing performed by the hacker community. The Hacktify team helps you start and manage your program. Each of our services includes validation of the bug bounty report, so your company gets a verified one and you don’t have to bother sending back inappropriate reports for rectification. We do the marketing and find hackers for you.
In public and private bug bounty programs, all communication goes through the Hacktify team, so you don’t have to get in contact with the hackers.
Hacktify takes care of confidentiality, so that the vulnerabilities are accessible to the authorized stakeholders under a non-disclosure agreement. Our platform also uses the latest crypto standards to help remain compliant. We remind hackers on several occasions that they must not disclose any information about the programs, and this is also recorded in their contract.
Ethical hackers are subject matter experts with serious qualifications on the market, so it would be more expensive to engage one to perform a penetration test on your company’s services. With a bug bounty program, your firm is continuously tested by a crowd of hackers; arranging this individually would be time- and resource-consuming.