
Top 5 bug bounty platforms in 2021

The bug bounty program is the security solution that allows companies to invite independent ethical hackers (researchers) to work on identifying their security issues and reporting on them.



Zlata Parasochka

3 years ago | 3 min read

Cybercrime against organizations has intensified dramatically during the coronavirus pandemic. Hackers are targeting not only businesses but also government agencies and healthcare institutions. For example, the FBI reported a 300% increase in the number of cybercrimes committed during the pandemic period compared to the pre-pandemic time. Organizations are realizing that one-time security measures do not bring the desired outcomes, which is why they are starting to consider bug bounty programs, which offer permanent security testing, as an effective instrument to boost their resistance to cybercrime.

What is a bug bounty program?

The bug bounty program is the security solution that allows companies to invite independent ethical hackers (researchers) to work on identifying their security issues and reporting on them. You may find more information about bug bounty programs, their rules, scope, and benefits in the article recently published in HACKERNOON. Companies may either organize bug bounty programs on their websites or contact specialized companies to run such programs on their platforms. As of 2021, there are a number of professional bug bounty platforms among which such projects as Bugcrowd, HackerOne, HackenProof, Intigriti, and YesWeHack may be considered as leading platforms.

The analysis demonstrates that bug bounty platforms do not actively disclose the information even about their public programs. The US bug bounty platforms are recognized as the global leaders running the biggest number of bug bounties and encompassing up to 1 mln white hackers. However, the number of active hackers may be dozens of times lower than the number of registered ones. That is why among 1 mln hackers registered on the HackerOne platform there may be only up to 50K active researchers. However, when we look at HackenProof, we see that despite being the smallest platform by the number of registered researchers among the selected projects, this platform has a high share of active white hackers.

The US platforms, due to their strong status and image in the market, draw the attention of the biggest companies in the world such as technological giants striving to further boost their security. That is why the hackers working on detecting the vulnerabilities of the companies that run bug bounties on the US platforms can get much higher maximum rewards compared to the ones offered by their European competitors. However, European platforms like Intigriti, YesWeHack, and HackenProof offer similar terms of cooperation to researchers and also actively work with government institutions. We clearly see that European bug bounty platforms try to sustain their competitiveness on the global market and to this end focus on the quality of services provided to clients.

European bug bounty platforms are likely to experience further growth, especially in Eastern Europe, where bug bounties are a recent trend. There are many highly qualified engineers in this region who get relatively low wages and, thus, are very motivated to work on detecting bugs and vulnerabilities within the framework of bug bounty platforms. Let us look closer at the highly promising HackenProof platform, which is the youngest among its European competitors and represents the Eastern European region.

Why HACKENPROOF?

Based on the data provided above, we see that HackenProof is the most transparent platform, providing full information about the bugs found and rewards paid to researchers, and, compared to other top European platforms, it also offers penetration testing services to clients. HackenProof is also open to communication with potential customers and researchers, and to this end the platform uses a chatbot. HackenProof prioritizes meeting security standards and, thus, thoroughly verifies hackers before registering their accounts. Hackers have to submit a copy of documents such as a national passport, driver's license, ID card, and others that prove the information provided in the registration form.

As we can see from the announcements made by the HackenProof team on media channels and during industry events such as Cybertech Global UAE-Dubai 2021, HackenProof is going to make its platform more functional and competitive both for clients and researchers by:

  1. Introducing the SaaS model - clients will be able to register their bug bounty programs on the platform without the need to contact the HackenProof team;
  2. Developing flexible pricing schemes;
  3. Working on the further development of its live hacking event concept;
  4. Providing greater bonuses to researchers;
  5. Lowering fees.

As we can trace from the comments made by the project’s team, HackenProof considers its model of interaction with clients, namely the philosophy that clients should be treated as main business partners, a key factor behind its future rapid development.
