SafeHats | Managed Bug Bounty ProgramSafeHats | Managed Bug Bounty ProgramSafeHats | Managed Bug Bounty ProgramSafeHats | Managed Bug Bounty Program
  • Solutions
    • Enterprise Bug Bounty Program
    • The Real Hackathon
    • For Startups
  • Researchers
  • Blog
  • Resources
    • Resources
    • FAQ
    • SafeHats Guide
    • Customer Advisory Council
    • Hacker Advisory Council
    • How to sell SafeHats to your Boss?
  • Company
    • Team
    • Careers
    • Partners
    • Newsroom
  • Contact Us
  • LOGIN
  • SIGNUP
    • For Enterprises
    • For Researchers

FAQ

Enterprises

What’s a Bug Bounty Program?

Bug Bounty Programs are offered by enterprises by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse.

SafeHats team will manage the entire program so that they could focus on bug fixing. Once the enterprise is confident of his security posture and want to expose its application to public to receive vulnerability reports that is difficult to exploit.

What’s SafeHats?

SafeHats is a Bug Bounty Program run by Instasafe which your enterprise can use to pentest your app by leveraging the brainpower of security researchers.

How do I join for SafeHats program?

You can sign up at SafeHats website after which 1. Create your Bug Bounty Program 2. Launch the program 3. Get filtered reports from Safehats.

Which types of apps can I put for Bug Bounty Program?

Any category of web and mobile apps.

Will starting a Bug Bounty Program make our apps more vulnerable?

Applications are attacked without invitation too. Indeed you are incentivizing researchers to discover bugs soon, there by limiting the chances of a security threat.

What’s the difference between a Private and a Public program?

Private program is where the invitations are sent only to the SafeHats curated list of security researchers. Public program is where the invitations will be sent to all the security researchers registered with Safehats.

How do I know the security researchers won't compromise our site?

All the security researchers have to agree to the standard disclosure policy in order to be part of a Bug Bounty Program. Additionally, they have to agree to specific disclosure policy and terms/conditions of each company. You can also specify the eligibility, the scope of the program and the rewards the researchers will be receiving in exchange for the vulnerabilities identified which will keep them motivated to work with you.

What’s an ideal time frame for a Bug Bounty Program?

It’s best to run your programs with a time frame of 1 month to 3 months. Note: We will be launching ongoing programs in a while.

How secure is my data?

Data is encrypted before being stored in our system. Only your team members with access privilege will be able see your data.

Where is my data stored?

SafeHats utilizes certified data centers managed by Amazon.

Researchers

What is the disclosure policy?

The disclosure policy provided by each company specifies the guidelines that you have to follow and abide by if you’re participating in the program. The vulnerabilities that are identified by you would be considered sensitive. The organizations expect responsible handling of those vulnerabilities and not disclosing it in public. The policy takes care of these.

How do I report the bugs?

You have to report the bugs as per the format and disclosure policy specified by the each organization.

When do I get the rewards?

The vulnerabilities reported by you will be verified and acknowledged by the security team of the organization. Once they fix the vulnerability you will be compensated with the appropriate rewards.

I’m not an independent researcher, but a company which offers vulnerability assessment services. Can I be part of this program?

SafeHats Bug Bounty Program is open to individuals as of now. Keep checking this space for any further updates.

How do I apply for Bug Bounty Program from an organization?

You can submit your profile by signing up for SafeHats program. We’ll reach out to verify your profile. Once you are successfully onboard, you will start to receive invitations for Bug Bounty Program which matches your profile.

Watch the video

SafeHats Managed Program

Our acclaimed 'Managed Program' has been carefully calibrated to provide the best value for large enterprises. We become an extension of your security setup, by not only creating, deploying, and tracking bugs raised by researchers, but by using in-house expertise to adjust programs as required.

Enterprises Get Started
Researchers Enroll Now

SafeHats is an advanced managed bug bounty platform which connects you to a crowd of highly skilled, trusted and curated security researchers to identify vulnerabilities in your digital assets

Quick Links

  • Home
  • Researchers
  • Blog
  • Contact Us
  • Sitemap

Company

  • Careers
  • Newsroom
  • Partner Program
  • Resources Featured Doc
  • Customer Advisory Council

Important Links

  • Login
  • Signup for Enterprises
  • Signup for Researchers
Copyright © 2020 InstaSafe. All Rights Reserved.
  • Solutions
    • Enterprise Bug Bounty Program
    • The Real Hackathon
    • For Startups
  • Researchers
  • Blog
  • Resources
    • Resources
    • FAQ
    • SafeHats Guide
    • Customer Advisory Council
    • Hacker Advisory Council
    • How to sell SafeHats to your Boss?
  • Company
    • Team
    • Careers
    • Partners
    • Newsroom
  • Contact Us
  • LOGIN
  • SIGNUP
    • For Enterprises
    • For Researchers
SafeHats | Managed Bug Bounty Program