Bountyfactory.io – the first European Bug Bounty platform – was launched in early 2016.

Unlike some other platforms, Bountyfactory.io offers specific features, some of them legal, that are designed to strengthen its relevance, security and legitimacy.

Above all, Bountyfactory.io focuses on security and the legal framework:

Our servers are based in Europe. Therefore, there is no data exposure to US services via FISA, the Patriot Act or the Freedom Act.

  • BountyFactory uses OVH's dedicated cloud, which is subject to Service Organization Controls, namely SOC 1 Type II (SSAE 16 and ISAE 3402) and SOC 2 Type II
  • Our infrastructure is ISO 27001 certified
  • Each vulnerability, each report and each comment is encrypted before being stored in our database, and only identified actors are granted access.
  • In terms of financial transactions, BountyFactory complies with the Payment Card Industry Data Security Standard (PCI DSS)
  • In terms of privacy, BountyFactory is subject to the EU Data Protection Reform (January 2012). While the Regulation will enter into force on 24 May 2016, it shall apply from 25 May 2018. The Directive enters into force on 5 May 2016 and EU Member States have to transpose it into their national law by 6 May 2018.
  • Our payment system, MangoPay, is strictly compliant with the EU legal framework in terms of anti-money laundering and anti-terrorist financing

***

Beyond those essential standards, let's go deeper into BountyFactory.io to discover some useful and relevant features:

As a customer, once logged in as Admin-manager, you will be able to digitally sign the General Terms & Conditions of Use thanks to YouSign, a company based in France and subject to both French and European law.

The GTU signing process

Send Bug Bounty Confirmation Code

Validation of the signing Process

Still as a customer, you are free to credit and refund your account any time you need.

Bug Bounty Credit and Refund

By default, your bug bounty program will be private so you can select the hunters (max 50 people) you want to invite.

For instance, you can choose the BountyFactory core team, made up of 10 people.

Yes We Hack Bug Bounty Private Team

And let the game begin!

The chosen hunters will start searching for vulnerabilities within the scope you defined with BountyFactory Manager.

Bug Bounty Program Management is a differentiating criterion, and this feature will be the topic of a forthcoming dedicated post.

To save time and gain efficiency, only confirmed, genuine vulnerabilities are taken into account.

Therefore, you will see the number of bugs found in your dashboard. Each bug is categorized according to OWASP criteria.

The screenshot below shows more details about the gamification feature focusing on the quality of reports submitted by Bug Bounty Hunters.

The admin-manager can rate a well-written vulnerability report and allocate one or several points to it.

Validation of the Vulnerability Report

Over Communicate

Comments are very useful for discussing details with the researcher, and they significantly strengthen communication between the requester and the hunters.

Comments of the Vulnerability Report

One important step is the following: how you reward a good hunter.

Thanks to MangoPay technology and security, a hunter can be paid by credit card or through your wallet. MangoPay is a service provided by the French bank Crédit Mutuel Arkéa.

Rewarding Bug Bounty Hunter

The Dashboard gives you an overview of bug types and statuses

Dashboard

As a Game Master: manage your budget, your timing, your hunters

For instance, the screenshot shows that you can keep an eye on your budget by checking statistics of the ongoing bug hunting (average and max rewards out of your total budget).

At any time, you can choose to switch from a private program to a public program.

Switching from Private to Public Status

This step is particularly critical, so the BountyFactory Manager will be notified.

To avoid mistakes, the YesWeHack Program manager will double-check with the requester that it is a legitimate move.

To sum up, BountyFactory.io provides original features that will help customers manage their Bug Bounty Programs with all the specs, layers of security and trustworthy norms.

Register and open your own bug bounty program!

***

/!\ Keep in mind /!\

We Have More Features to Show You

We will keep you posted, folks!


Read More > Our FAQ