We are not just a bug bounty platform or self service system. Hackrfi offers a bug bounty programs as a full service. Our service includes not only the reporting system but also marketing the program to security researchers, tailored program rules and expert support in validating and evaluating the incoming reports. This saves you a lot of effort so you can focus on evaluating the impact of the reports on your business. We also handle all the communication between you and the reporter, and can help you with the bounty payment. This is a true turnkey service, we can also help you turning the key if you want. It's that easy!
It's important to define clear boundaries to your bug bounty program: what are the acceptable targets, what can be tested, how they can be tested and for how long. We bring you rules already tailored to fit the Finnish legislation. Clear boundaries and rules help researchers to focus their efforts to correct systems and avoid confusion.
With Hackrfi you'll get to enjoy the multitude of skills in the hacker community. Use our bug bounty program service either as a standard part of your system development lifecycle or as an additional tool in your normal penetration testing program. Both are valid options, your business needs will dictate the best way!
With this program, there will be reports. The experts at Hackrfi will help you prevalidating the reports and will forward the client only the reports with real security impications for evaluation. It's critical to evaluate the findings based on their criticality and schedule corrective actions accordingly. A non-disclosure agreement on the reported but not yet fixed issues will bind the parties in the program. This is non-negotiable.
All communication between the security researchers and the client organisation goes via Hackrfi. This means our experts help both parties to reach understanding. We follow the response times set in the program and track the status of reported issues. This ensures good usability and quality of our service.
Pay for the results, not for the effort. We can suggest a good bounty value structure based on your program and business type. The bounties motivate members of the security research community to help you enhance your security posture by reporting issues. We can also help you navigate the bounty payment mechanics in Finland and communicate between you and the reporter all through the payment process.