# Penetration testing & Bug Bounty

A penetration test (pen test) is an authorized simulated attack performed on a computer system to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impact of weaknesses in a system or application. A pen test is a service performed by a specific company, with **limited time, a limited budget, and a limited number of specialists**. Pen tests can be done **only for closed code**.

A Bug Bounty program, also known as a vulnerability rewards program (VRP), offers rewards to individuals (security researchers, hackers) for uncovering and reporting software bugs. A public Bug Bounty program **has unlimited time and budget, and everyone** on the platform can participate. Bug bounties can be done **for both** closed and open-source code.

| Option                                                             | Bug Bounty                        | Penetration testing                |
| ------------------------------------------------------------------ | --------------------------------- | ---------------------------------- |
| Limited time                                                       | usually no                        | yes                                |
| Limited budget                                                     | usually no                        | yes                                |
| Everyone can submit a vulnerability report                         | yes (and no for private programs) |                                    |
| Program owner (client) can pay in native token, stablecoins, fiat  | yes                               | no (usually stablecoins and fiat)  |
| Only specific company can participate                              | no                                | yes                                |
| Can be done for both closed and open-source code                   | yes                               | no (only closed code)              |
