Join our team of security professionals
If you have a U.S. government clearance, or have been cleared in the past, you are eligible to register as a FedBounty Security Researcher.
By crowd-sourcing security testing to a large community of security researchers, you will obtain more comprehensive results than traditional internal security teams can provide.
By paying only for vulnerabilities discovered, instead of consulting hours or fixed price vulnerability assessments, bug bounty programs can significantly reduce the cost of security testing.
Unlike other bug bounty services, each of our security researchers and penetration testers has a U.S. Government-issued security clearance to ensure your sensitive information remains protected.
A bug bounty program, also called a vulnerability rewards program (VRP), is a crowd-sourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization’s vulnerability management strategy.
Absolutely. Our bug bounty service has been designed for organizations with operational security (OPSEC) concerns & sensitivities that traditional bug bounty services are not able to accommodate. In addition to government organizations, private sector organizations (e.g. energy companies) often have similar sensitivities and will benefit from our service.
Each bug bounty program has different bounty payouts, but they typically range from $50 – $5000 per vulnerability. The amount depends on several factors, including the type/quality of the vulnerabilities discovered and when the vulnerabilities are discovered (i.e. the first to discover a specific vulnerability receives the bounty).
Currently we are only accepting registrations for security researchers with security clearances granted by the U.S. Government. However, at some point in the future we may offer a bug bounty service that does not require our security researchers to have a clearance, so we would still like to hear from non-cleared security researchers.
No, we do not have the ability to sponsor clearances for security researchers at the moment.
Bug bounties are new to the U.S. Government. In March 2016, the U.S. Pentagon was the first government organization to launch a bug bounty program. The U.S. Army announced a bug bounty program in November 2016.