While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the “Application Crowdtesting Services” category.
We have compiled the top 5 most promising bug bounty platforms for those of you who are looking to enhance your existing software testing arsenal with knowledge and expertise from international security researchers:
Being a unicorn backed by numerous reputable venture capitalists, HackerOne is probably the most well-known and recognized Bug Bounty brand in the world.
According to their most recent annual report, over 1,700 companies trust the HackerOne platform to augment their in-house application security testing capacities. The report likewise says that their security researchers earned approximately $40 million in bounties in 2019 alone and $82 million cumulatively.
HackerOne is also famous for hosting US government Bug Bounty programs, including the US Department of Defense and US Army vulnerability disclosure programs. Like some other commercial providers of Bug Bounties and Vulnerability Disclosure Programs (VDP), HackerOne now also offers penetration testing services stuffed with vetted security researchers from around the globe. HackerOne has a solid portfolio of security certifications, including ISO 27001 and FedRAMP authorization.
images from Hacker News