A bug bounty program offers bounties for finding and reporting bugs in software or hardware. Although such programs are often run in an IT security context, this is not a requirement. In any case, the knowledge and skills of a community are leveraged to get the best results.
Only systems that are accessible from outside of your company can be tested on greenhats®. Quite often even systems which were not intended to be publicly accessed can be found on the internet with tools like shodan.io, where most of the interesting information about your systems can already be found.
There are much simpler methods for hackers to gather your data than signing up on a platform for security-conscious companies.
Taking part in a bug bounty program can even “protect” you from attackers, including ones who are not yet part of the platform: if a hacker finds a vulnerability but also discovers that you take part in a bug bounty program, he will probably choose the safe way of receiving the bounty instead of going down the malicious path and causing damage.
You can always cancel or hide a job if you do not require any further tests for a system. The exception is the minimum period of six months, which is to ensure that our free services on sign-up or creation of a job (like the initial audit of a system) are not abused.
We remain committed to our motto “People determine IT security”. Supposedly comprehensive security software can only ever protect retroactively and never replace security checks. Such software is often rather costly and only ever covers a small area of IT security – and sometimes even introduces vulnerabilities of its own. To put it differently: Google employs some of the best hackers in the world and sponsors and takes part in internal and public bug bounty programs – so if there were a truly comprehensive software security solution, Google would probably know about it.
Bug bounty is not a new idea and there are platforms (mostly in the US) which use different pricing models than we do. The defining difference is the amount of individual support greenhats® provides. Even large and capable companies have had to halt their bug bounty programs on prominent platforms, because the administrative burden brought about by receiving hundreds of duplicate, hard-to-understand or just plain wrong submissions was not worth it anymore. greenhats® takes care not only of this work, but of every step of handling, rating and communication necessary. We are your partner for every field of IT security and provide you with support from the initial audit up until a follow-up test takes place, with no hidden or unexpected costs.