日本語版のサイトをお探しの方はこちらから

White hat hackers will be your allies in your company's security

Get Started FreeContact Us

Bug Bounty

What is bug bounty?

Bug bounty offers the white hat hackers, who work as active security engineers, receive rewards for finding vulnerabilities in company services and systems.

Why Choose Us

Reason Behind Using Bug Bounty

01

Outsourced Operations

"I want you to judge how serious the vulnerability is" "I can't deal with many reports" Please leave it to me! It is possible to leave vulnerability diagnosis reviews to us.

02

Hassle-free Introduction

Those interested in the bug bounty but find it challenging to prepare and attract researchers can quickly start diagnosing bugs by simply entering their information in the target fields.

03

Performance-based

There is no fixed fee. Since there is no cost if no vulnerabilities are found by hackers, IssueHunt is superior in cost-effectiveness compared to traditional vulnerability assessments.

04

Largest platform in Japan

IssueHunt was just launched last July but has already grown to become the largest bug bounty & VDP platform in Japan. You may be invited to join the full invitation-only program.

Rate Structure

Initial Cost
Free
Monthly Fee
Free
Commission
20% paid to white hat hackers

IssueHunt is the place to start for security measures that will become a competitive advantage.

FAQ

Frequently Asked Questions

Q.How should I contact the researcher?

You can communicate with the researcher via the IssueHunt message function. However, only the researcher and your company can view the contents of messages, and third parties cannot.

Q. Wouldn't the budget be skyrocketing? Is there a limit?

Programs can be suspended, discontinued, or resumed at any time. For example, programs can be suspended when a predetermined budget is reached and then resumed at any time.

Q. I don't want to show the program to the public. Is there any way to hide it?

We have "Invitation Only Programs," which completely hide the program from search pages, etc., and only invite researchers who have been invited to the program. We also offer "Public Programs" that are open to anyone, so you can switch between them anytime.

Q. Do I have to make the vulnerabilities report public?

You do not have to make your report public. However, we understand that there are some reports you cannot or do not want to make public, so there is no problem if you choose to keep your report private.

Q. Do I have to pay for all reports?

No, you don't have to. Your company will decide whether or not to pay for the reports, and only those reports eligible for payment will be paid. Duplicate reports and reports that are not eligible for compensation will not be paid. If you are unsure whether or not you should pay, please get in touch with our customer support.