The Crowdsourcing Cybersecurity Platform is a bug bounty platform that you can utilize to publish your websites or applications to hundreds of experienced, skillful, and responsible independent security researchers who will systematically attack your products in a controlled, ethical, and safe manner.
With the system, you can determine the target scope of what needs to be tested, for example, the front page of the web application or a mobile application. When researchers find a security vulnerability, their submissions are triaged and prioritized to determine their validity and risk level. Subsequently, you give monetary rewards (or rewards in other forms) to the researchers who have reported valid security issues. Afterward, you fix the reported vulnerabilities immediately and verify that the relevant attack vectors have been properly secured.
There are 2 ways that you can utilize the system:
Running over the medium to long term, a subscription is the ideal way of utilizing the system, since your products are constantly monitored for vulnerabilities. With a subscription, the reward fund is unlimited, and more can be added when it is running low while the subscription program is still running.
Fixed Short Term.
The Fixed Short Term program is ideal for a one-time event and lasts for a relatively short period (a couple of weeks). There are 2 types of Fixed Short Term Program: Contest and Standard. In the Contest Program, researchers do their best to find bugs and vulnerabilities within a given time (1 or 2 weeks). At the end of the period, winners are announced and rewarded. The Standard Program is similar to a subscription but is limited to the agreed total of the fund. The program ends once the fund's balance runs out.
What will you get by purchasing the service?
A Huge Crowd of Testers
With more testers, there is more of a chance to explore every vulnerability, go down every rabbit hole, and check every nook and cranny of the target.
Access to Diverse Skill Sets and Expertise
Since there are so many testers coming from a lot of different fields, the testing scenarios and vulnerability checks tend to be very diverse and sophisticated as well.
Pay for Results, not Efforts
Bug bounty hunters get paid in a result-oriented model. This is why the bugs that the hunters find are usually of much higher quality, i.e., the kind of bugs that most smart hackers will exploit.
Each time you make a change or add new functionality, it will be evaluated without having to sign up or wait for your next penetration test. This allows you to constantly have an up-to-date understanding of your risk.
Here are the detailed features of the service
01. Program Development Consultation
Assisting in developing the program draft and consulting with you as the program owner on the application or network targets that will be tested, including the amount of the rewards.
02. Inviting Researchers
Subsequently, researchers and InfoSec experts will be invited to participate in the program. The profile and numbers of researchers will be appropriately determined jointly with you as the program owner.
03. Validating and Assessing Risk Level and Security Vulnerability Reports
Our analysts will test the received reports and ask for further clarification if needed. If a report is valid, a risk level assessment will be conducted according to the international standard in cybersecurity.
04. Notifying and Reminding Program Owner of Crucial Findings
If there is a report that needs immediate attention and follow-up due to its significant risks, our analysts will notify the program owner and provide consultations if needed.
05. Giving Rewards to Researchers
Representing you as the program owner, we will give the rewards to researchers according to the risk level of their findings.
06. Conducting Confirmation Tests to Ensure Problem Solving
Our analysts will also perform tests to ensure that each improvement made by the program owner has solved the previously reported problems. If needed, the bug finder can also be asked to perform a voluntary re-test.