Penetration testing & BB
A penetration test (pen test) is an authorized simulated attack performed on a computer system to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impact of weaknesses in a system or application. A pen test is a service delivered by a specific company, within a limited time and budget, by a limited number of specialists. Pen tests can be done only for closed code.
A Bug Bounty program, also known as a vulnerability rewards program (VRP), offers rewards to individuals (security researchers, hackers) for uncovering and reporting software bugs. A public Bug Bounty program has unlimited time and budget, and everyone on the platform can participate. Bug bounties can be done for both closed and open-source code.
| Option | Bug Bounty | Penetration testing |
|---|---|---|
| Limited time | usually no | yes |
| Limited budget | usually no | yes |
| Everyone can submit a vulnerability report | yes (no for private programs) | no |
| Program owner (client) can pay in native token, stable coins, fiat | yes | no (usually stable coins and fiat) |
| Only a specific company can participate | no | yes |
| Can be done for both closed and open-source code | yes | no (only closed code) |