FAQ

2022-02-02

Frequently Asked Questions

What is a Bug Bounty program?

Bug Bounty programs offer monetary rewards to security researchers from around the world who discover and report vulnerabilities and bugs in a company’s systems before malicious users discover and exploit them.

The idea behind a bug bounty program is very clever, as companies actually use hackers to deal with other hackers. Essentially, a bug bounty is a monetary reward given to so-called “ethical hackers” in order to use their knowledge and skills to protect an organization from malicious hackers. It resembles traditional security checks, with the difference that ethical hackers from all over the world are involved rather than the staff of a single company.

How are the bug hunters rewarded?

Initially, many researchers may find the same vulnerability. Only the first researcher who submits a valid report is rewarded. In general, the main criterion for the amount of the reward is the severity of the vulnerability, as defined by the customer. The more serious the reported vulnerability, the higher the reward. Payment is managed by a third-party payment platform that meets European compliance requirements. Scores are also awarded, depending on the quality of the researcher’s report.

What is a bug researcher / bug hunter?

A researcher is a person who searches for, identifies and reports vulnerabilities through a Bug Bounty program. In this way, they help to enhance overall cyber security.

Are there any possible dangers related to bug bounty programs?

The operational risks are similar to those of a penetration test. In addition, Bug Bounty scopes are generally exposed on the Internet, so they may be subject to external attacks. Finally, a researcher could use their involvement in the bug bounty for other malicious purposes, although this is extremely rare.

What is a bug bounty?

A bug bounty is a monetary reward given to so-called “ethical hackers” in order to use their knowledge and skills to protect an organization from malicious hackers.

What is a bug bounty platform?

A Bug Bounty platform allows an organization to promote a Bug Bounty program to the researchers / hackers who are registered on the platform. Researchers can then search for and report security vulnerabilities found in this program.

What is the difference between a public and a private program?

A private program is open only to specific researchers, selected by the client. A public program, on the other hand, is open to the entire research community that is registered on the bug bounty platform.

How do I select researchers for a private project?

Bug Awards helps you select the researchers that best suit your needs (knowledge and skills required for what you want to test, your program budget, etc.).

First bug bounty program: How do I define the scope?

When you start a program, it is better to start with a limited scope. Gradually, you can expand the scope, making the rules more flexible and / or increasing the number of researchers.

How do I plan the budget for a bug bounty program?

The total cost of a Bug Bounty program is usually based on three criteria:

  1. the scope you have defined;
  2. the number of researchers looking for vulnerabilities and their profile (knowledge, skills); and
  3. the rewards that researchers usually earn.
