Researchers

What’s the disclosure policy?

The disclosure policy by each company specifies the guidelines that you have to follow and abide by if you’re participating in the program. The vulnerabilities that you identifying will be sensitive and organizations expect responsible handling of those vulnerabilities and not disclosing it in public. The policy takes care of these.

When do I get the rewards?

The vulnerabilities reported by you will be verified and acknowledged by the security team of the organization. Once they fix the vulnerability you will be compensated with the appropriate rewards

How do I apply for Bug Bounty Program from an organization?

You can submit your profile by signing up for SafeHats program. We’ll reach out to verify your profile. Once you are successfully onboard, you will start to receive invitations for Bug Bounty Program which matches your profile..

How do I report the bugs?
You have to report the bugs as per the format and disclosure policy specified the each organization.

I’m not an independent researcher, but a company which offers vulnerability assessment services. Can I be part of this program?

I’m not an independent researcher, but a company which offers vulnerability assessment services. Can I be part of this program?

Enterprises

What’s a Bug Bountry Program?

Bug Bounty Programs are offered by enterprises by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse.

Will starting a Bug Bountry Program make our apps more vulnerable?

Applications are attacked without invitation too. Indeed you are incentivizing researchers to discover bugs soon, there by limiting the chances of a security threat..

How do I know the security researchers won't compromise our site?

All the security researchers have to agree to the standard disclosure policy in order to be part of a Bug Bountry Program. Additionally they also have to agree to each company specific disclosure policy and terms of conditions. You can also specify the eligibility,scope of the program and the rewards the researchers will be receiving in exchange for the vulnerabilities identified which keeps them motivated to work with you.

Which types of apps can I put for Bug Bounty Program??

Data is encrypted before being stored in our system. Only your team members with access privilege will be able see your data..

What’s the difference between a Private program and a Public program?

Any category of web and mobile apps can be tested on our platform.

What’s the difference between a Private program and a Public program?

Private program is where the invitations are sent only to the SafeHats curated list of security researchers. Public program is where the invitations will be sent to all the security researchers registered with Safehats.s.

What’s an ideal time frame for a Bug Bounty Program?

It’s best to run your programs with a time frame of 1 month to 3 months. We will be launching on going programs in a while.