Penetration testing & BB
Last updated
Last updated
A penetration test (pen test) is an authorized simulated attack performed on a computer system to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in a system or applications. A pen test is a service that will be done by a specific company for a limited time and money and by limited specialists. Pen tests can be done only for closed code.
Bug Bounty program - also known as a vulnerability rewards program (VRP), offers rewards to individuals (security researchers, hackers) for uncovering and reporting software bugs. The public Bug Bounty program has unlimited time and budget and everyone on the platform can participate. Bug bounty can be done for both closed and open-source code.
Option | Bug Bounty | Penetration testing |
---|---|---|
Limited time
usually no
yes
Limited budget
usually no
yes
Everyone can submit vulnaribility report
yes (and no for private programs)
Program owner (client) can pay in native token, stable coins, fiat
yes
no (usually stable coins and fiat)
Only specific company can participate
no
yes
Can be done for both closed and open-source code
yes
no (only closed code)