Bountyfactory.io – the first European Bug Bounty platform – was launched in early 2016.
Unlike some other platforms, Bountyfactory.io offers specific security and legal features designed to strengthen its relevance, security and legitimacy.
Above all, Bountyfactory.io focuses on security and the legal framework:
- Our servers are based in Europe, so there is no data exposure to US services via FISA, the Patriot Act or the Freedom Act.
- BountyFactory uses OVH dedicated cloud, which is subject to Service Organization Controls, namely SOC 1 Type II (SSAE 16 and ISAE 3402) and SOC 2 Type II.
- Each vulnerability, report and comment is encrypted before being stored in our database, and only identified actors are granted access.
- For financial transactions, BountyFactory complies with the Payment Card Industry Data Security Standard (PCI DSS).
- For privacy, BountyFactory is subject to the EU Data Protection Reform (January 2012). The Regulation enters into force on 24 May 2016 and applies from 25 May 2018; the Directive enters into force on 5 May 2016, and EU Member States have to transpose it into their national law by 6 May 2018.
- Our payment system, MangoPay, is fully compliant with the EU legal framework on anti-money laundering and counter-terrorist financing.
Beyond these essential standards, let's go deeper into BountyFactory.io to discover some useful and relevant features:
As a customer, once logged in as Admin-manager, you can digitally sign the General Terms & Conditions of Use via YouSign, a company based in France and subject to both French and European law.
The GTU signing process
Still as a customer, you are free to credit and refund your account any time you need.
By default, your bug bounty program is private, so you select the hunters (up to 50 people) you want to invite.
For instance, you can choose the BountyFactory core team, made up of 10 people.
And let the game begin!
The chosen hunters will start searching for vulnerabilities within the scope you defined with the BountyFactory Manager.
Bug Bounty Program Management is a differentiating criterion, and this feature will be the topic of a forthcoming dedicated post.
You will then see the number of bugs found in your dashboard. Each bug is categorized according to OWASP criteria.
The screenshot below shows more details about the gamification feature focusing on the quality of reports submitted by Bug Bounty Hunters.
The admin-manager can rate a well-written report on a vulnerability and allocate it one or several points.
Comments are very useful for discussing details with the researcher, and they significantly strengthen communication between the requester and the hunters.
One important step is the following: the way you will be able to reward a good hunter.
The Dashboard gives you an overview of bug types and statuses.
As a Game Master: manage your budget, your timing, your hunters.
For instance, the screenshot shows that you can keep an eye on your budget by checking statistics of the ongoing bug hunt (average and maximum rewards out of your total budget).
At any time, you can choose to switch from a private program to a public program.
This step is particularly critical, so the BountyFactory Manager will be notified.
To avoid mistakes, the YesWeHack program manager will double-check with the requester that the move is legitimate.
To sum up, BountyFactory.io provides original features that help customers manage their Bug Bounty Programs with all the specs, layers of security and trustworthy standards.
/!\ Keep in mind /!\
We Have More Features to Show You
We will keep you posted, folks!
Read More > Our FAQ