Most companies have an increasing number of services, applications and components listening on the network and available to partners, customers, employees, friends and virtually everyone. While this is great for business, it also means that the complexity of the exposed systems has gone (or is soon to go) through the roof. This often makes it impossible to run a separate security audit for each release, and our answer to this is a bug bounty program. It does not completely replace more traditional assessments or security engineering work, but complements them in a cost-effective way.
The model is extremely simple:
- Hire our expert team and define the digital boundaries where we are allowed to operate (this can be a single application or a network of hundreds of targets).
- Our expert team, with proven skills and a track record in successful bug hunting, starts going through the digital space and searches for anything a malicious actor could use.
- Once a weakness is found and confirmed, we report it to you using the method best suited for you (e.g. internal Jira, email, reports, …).
- We help you respond to the flaws by providing Nixu’s competences. Regardless of the need (incident response, software security support or privacy experts), we are here to help.
- And we keep on going as long as our contract holds.