FedBounty

Bug bounties tailored for the U.S. Government.

By Rampant Technologies

Become a FedBounty WhiteHatLearn More about FedBounty

Join our team of security professionals

If you have a U.S. government clearance, or have been cleared in the past, you are eligible to register as a FedBounty Whitehat.

  • Sharpen your pentesting & vulnerability assessment skills

  • Help the country protect its critical infrastructure

  • Earn extra income on your own schedule

  • * Win a Wifi Pineapple TETRA Tactical!

* For every 50 people that register,  a name will be drawn from the group to win a Wifi Pineapple TETRA!

What is unique about FedBounty?

  • Bug bounty service designed specifically for U.S. Government customers

  • Utilizes whitehat security researchers with U.S. Government clearances

  • Created, owned and operated by U.S. federal government contractor

How can FedBounty help my organization?

Comprehensive Results

By crowd-sourcing security testing to a large community of security researchers, you will obtain more comprehensive results than traditional internal security teams can provide.

Lower Costs

By paying only for vulnerabilities discovered, instead of consulting hours or fixed price vulnerability assessments, bug bounty programs can significantly reduce the cost of security testing.

Vetted Participants

Unlike other bug bounty services, each one of our security researchers and penetration testers have U.S. Government issued security clearances to ensure your sensitive information remains protected.

Register / Contact Us

1 + 2 = ?

Frequently Asked Questions

  • What is a bug bounty?

    A bug bounty program, also called a vulnerability rewards program (VRP), is a crowd-sourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization’s vulnerability management strategy.

  • Do you offer bug bounty programs to private sector companies/organizations?

    Absolutely.  Our bug bounty service has been designed for organizations with operational security (OPSEC) concerns & sensitivities that traditional bug bounty services are not able to accommodate.   In addition to government organizations, private sector organizations (e.g. energy companies) often have similar sensitivities and will benefit from our service.

  • As a FedBounty security researcher, how much money will I make?

    Each bug bounty program has different award bounty payouts, but they typically range from $50 – $5000 per vulnerability.   The amount depending on several factors including the the type/quality of the vulnerabilities discovered and when the vulnerabilities are discovered (i.e. first to discover a specific vulnerability receives the bounty).

  • Can I still register if I don’t have a security clearance?

    Currently we are only accepting registrations for security researchers with security clearances granted by the U.S. Government.   However, at some point in the future we may offer a bug bounty service that does not require our security researchers to have a clearance, so we would still like to hear from non-cleared security researchers.

  • Can you help me obtain a security clearance?

    No, we do not have the ability to sponsor clearances for security researchers at the moment.

  • Does the U.S. Government participate in Bug Bounty programs?

    Bug bounties are new to the U.S. Government.  In March 2016, the U.S. Pentagon was the first government organization to launch a bug bounty program.  The U.S. Army announced a bug bounty program in November 2016.

© Copyright 2016 - Rampant Technologies