Penetration testing & BB

A penetration test (pen test) is an authorized simulated attack performed on a computer system to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impact of weaknesses in a system or application. A pen test is a service performed by a specific company, with limited time, a limited budget, and a limited number of specialists. Pen tests can be done only for closed code.

A Bug Bounty program, also known as a vulnerability rewards program (VRP), offers rewards to individuals (security researchers, hackers) for uncovering and reporting software bugs. A public Bug Bounty program has unlimited time and budget, and everyone on the platform can participate. Bug bounty can be done for both closed and open-source code.

| Option | Bug Bounty | Penetration testing |
| --- | --- | --- |
| Limited time | usually no | yes |
| Limited budget | usually no | yes |
| Everyone can submit vulnerability report | yes (and no for private programs) | |
| Program owner (client) can pay in native token, stable coins, fiat | yes | no (usually stable coins and fiat) |
| Only specific company can participate | no | yes |
| Can be done for both closed and open-source code | yes | no (only closed code) |
