By Nettitude
Today, we’re excited to announce the launch of our Nettitude Bug Bounty programme.
Over the past few months, we’ve been running a Bug Bounty trial with a number of our clients, which we’re pleased to say has been successful. Now, we’re ready to open our Bug Bounty service up to the world.
As a leading cybersecurity service provider, we’re privileged to work with our clients on some of the most difficult security problems facing organisations today. Our technical assurance teams are experts in a number of fields, e.g.
A Bug Bounty programme provides some of the features found across these three methods of assurance, as well as some unique features of its own. Consequently, organisations are increasingly augmenting their assurance programme with bug bounty services.
Some of the reasons for that include:
Penetration tests are an important part of an effective assurance programme. Bug Bounty programmes augment that and, combined, they bring even greater levels of assurance.
Why choose Nettitude to provide a Bug Bounty service for your organisation?
First and foremost comes peace of mind. We’ve spoken to CISOs the world over about their experiences with Bug Bounty programmes. By and large, their feedback has been that such programmes provide real value. Then, there’s usually a pause, followed by a “but”. That “but” tends to be concern around the trustworthiness of the people conducting the testing.
It’s not uncommon to hear about Bug Bounty hunters straying well out of scope, sometimes intentionally. For a critical production system, that presents an unacceptable risk. Where CISOs have mandated background checks, the quality of findings usually then falls. Unsurprisingly, some of the most talented people are not open to background checks.
Our team are background checked, security cleared, known and vetted entities. They also happen to be some of the most skilled security professionals in the world.
Bug Bounty programmes usually include a lot of production infrastructure in scope for testing. With this come inherent safety requirements. Trust and safety represent two of our very highest priorities.
Our fully background checked bug hunters all test from the same IP address range, so you can easily attribute any testing activity to Nettitude. Our team draws upon many years of experience to conduct their work safely and methodically; your programme will be run under the same risk management controls that we’ve continuously developed since 2003.
Bug Bounty programmes typically focus on internet facing systems as a matter of practicality. We can leverage our remote testing technology to safely test internal systems and other less traditional Bug Bounty scope.
Our bug hunters are the same talented and experienced people that make up our Penetration Testing Team, our Red Team, and our Research and Innovation Team. They’re the same people who have spent years assessing the production systems of central banks, critical national infrastructure, government, and plenty more. Together, they’ve compromised some of the most well secured systems on the planet. Today, we’re bringing that collective talent to our bug bounty service. We will find vulnerabilities that others can’t, and you’ll be shielded from low quality findings.
Your programme will be managed by one of our offensive security professionals. They each have a long history of penetration testing expertise and are dedicated to ensuring the smooth operation of your Bug Bounty programme, from start to end. The programme manager will work with you from the very beginning to ensure that the programme design meets your objectives in the most effective manner possible. They will review all submissions for quality before they’re released to you. They will be your primary point of contact for all things Bug Bounty related.
When we find previously undiscovered vulnerabilities in third party software, otherwise known as 0days, we will be happy to leverage our coordinated disclosure team to quickly and effectively work with the vendor to get their product patched and your environment secured.
Of course, we’ll retest any given vulnerability over and over until both your organisation and our bug hunters are confident that it’s been successfully remediated. You’ll get direct access to our team of security professionals via our online portal.
Oh, and did we mention? All of this is free of charge! No management fee, no disclosure fee; pay for vulnerabilities and only vulnerabilities.
We run our Bug Bounty service via an online portal. This ensures a consistent and repeatable service that you can access on demand.
Just a few of our platform features include:
Of course, there’s plenty more besides.
We would love the opportunity to talk to you more about our Bug Bounty service. To find out more, please contact your local team.