Run & Host Your Own Bug Bounty on Your Own Network
Bug Bounty HQ is pleased to announce the release of its Independent Bug Bounty Platform and the Security Consultancy Independent Platform. Bug Bounty HQ appreciates that many companies wish to have more control over their programs / data and as such run their own bug bounty programs instead of using managed platforms. These Independent Platforms offer a company seeking to run its own program an instant solution with a number of unique built-in features.
The Independent Platforms
- Install on your own servers
- Compatible with IIS / Apache and MySQL
- Contain 90% of all the features offered by BugBountyHQ.com
- Super Admin interface for back office operations
- White labelled, allowing customization for corporate logo etc.
Additional Features of the Independent Platform
It is important to mention that "points" are seen by many researchers as extremely important. These points create leaderboards: an overall leaderboard and individual program leaderboards. Positions on leaderboards, Halls of Fame and Special Mentions are commonly referenced by these researchers in their résumés.
Consider the following scenario. Joe is positioned 9th on an overall leaderboard. He decides he is going to look at a bug bounty hosted elsewhere. He spends 1 week on that program. During this time, other researchers have had 1 week to catch up with Joe on the other overall leaderboard. Joe may have had success in the bug bounty program he just spent a week on, but when returning to the other bug bounty hosting platform, he finds he is now positioned 17th.
The following unique add-ins are included within the Independent Platforms. These features help promote your bug bounty and also allow researchers to spend more time on your program without any fear of their overall leaderboard position being affected.
- No UUIDs are assigned to researchers on Independent Platforms. UUIDs are assigned from BugBountyHQ.com.
- If a researcher registers on an Independent Platform, they may enter their UUID within their profile.
- The UUID serves as a unique user ID. If, on an Independent Platform, a researcher is awarded a cash payment for a resolved vulnerability, and therefore points, an API call is pushed to BugBountyHQ.com. This push reflects all the points acquired to the global leaderboard and their profile. An entry is written within the Real Time Update (RTU) that researcher XYZ was awarded a bug bounty payment by ABC. ABC would be linked to the Independent Platform, sending new researchers to the Independent Bug Bounty program.
- When a live Bug Bounty is released on an Independent Platform, an API call is sent to BugBountyHQ.com to update the RTU that you have launched your program. This serves to promote your program to an immediate pool of registered researchers
- If the built-in Program Blog is used on the Independent Platform, any updates / announcements are also pushed to the RTU, directly linked to your blog hosted on the Independent Platform.
- The platform is already built and can be branded with all the necessary company logos / information
- Access to an instant researcher pool
- Greater exposure, as the program is also listed (not hosted) on bugbountyhq.com
- Greater participation, as any points awarded on your platform are also replicated to BugBountyHQ
- Benefit from the various incentive programs run by Bug Bounty HQ. Simple examples would include monthly / quarterly / annual competitions paid for by Bug Bounty HQ.
- This all leads to more vulnerabilities being discovered in your client's bug bounty.
Full technical support is offered with these platforms. Pricing -
- $295.00 Purchase Price
- $895.00 per month for the duration of your Bug Bounty Program. If you only run your program for one month, it will simply be $895.00
The Security Consultancy Independent Platforms (SCIP) are built and designed for, as you would guess, Security Consultancy Firms.
As a trusted security provider / advisor to your existing client base, you are best positioned to advise on and manage a bug bounty program for them. Bug Bounty HQ offers a number of solutions to help fulfill your and your client’s requirements.
The SCIP is installed on your own network and branded with your own corporate logo and information. ALL the features of Bug Bounty HQ are included and all your client programs are entirely managed by you. This would also include receiving all the bug reward payments as well as making payments to the security researchers for their bug bounties. You also retain ALL commission handling fees per bug transaction. A $10,000 bug would represent a $2,000 commission fee.
Being a security consultancy and a trusted partner, you can also offer your client:
- F/T consultants, billed daily for the duration of the Bug Bounty Program to be part of the team, if nothing else but to assist with incoming reports.
- If it appears that many instances of a particular type of issue are being reported, "secure code" training could be offered
- Consultancy services to provide new internal policies for the handling of security vulnerabilities etc.
- The list goes on and on.
Full technical support is offered with the program. Pricing
- Initial one-time fee for platform $1,995.00
- Bug Bounty HQ charge $495.00 per client program launch (paid for by your client within the SCIP application prior to launch)
- This is followed by a $195.00 per month, per running client program until terminated / suspended by your client.
That’s it. The cost is kept low to ensure SCIP success !!
For more information about these Platforms, please do not hesitate to contact Bug Bounty HQ.