Website Bug Bounty Security pricing suggestions

bountysite

Corporate Member
Corporate Member
Joined
Oct 11, 2017
Messages
25
Best answers
0
Ratings
14
Points
3
#1
I have been going back and forth on how to provide Bug Bounty program for Hosting.

Bounty Program is a reward program where security researchers get paid for discovering and reporting software bugs.
So, the idea is to get paid for every severe threat/new malware in site. The site is backed up and scans are run offline. The customer is notified and charged 1$, and can then fix by applying our free patches or upgrade/fix on his/her own. This only works for open source applications.

I am stuck with how to charge customers.
1) Customer can pre buy 5 bounties(at 1$ each) with 5 year validity and max 5$ cap per year(beyond which all are free). On exhaustion, customer would have to refill.

Bounty model makes sense for a customer, for a proactive security measure. From our perspective, this model works for large scale customers. Patch Manager can be made free.


2) Give everything as backup service and price accordingly. We loose the fun of Bounty.

The truth about security is nobody can guarantee 100% security. With Bounty model, we are only charging customer for a True positive threat/malware. It is worth every penny for a customer, and it is serviceable.

Forum users: What is your take on this?
 
Joined
Jul 8, 2016
Messages
40
Best answers
0
Ratings
7
Points
8
#2
1$ likes free service with me, and I consider it as lowest price I can buy an online service.

Why you don't try with this price and if you have more customers that convert from your visitors then it is effective, even you can increase price when there are more customers need your service.
 

bountysite

Corporate Member
Corporate Member
Joined
Oct 11, 2017
Messages
25
Best answers
0
Ratings
14
Points
3
#3
We cannot bill for 1$, as there are payment gateway transaction charges, and billing overhead. Though, it can be piggy backed with other services like backup, and brought together.

Besides, we want to offer this to hosting providers to resell along with hosting services.
 

bountysite

Corporate Member
Corporate Member
Joined
Oct 11, 2017
Messages
25
Best answers
0
Ratings
14
Points
3
#4
One review that I got is Bug Bounty is misleading.

May be I should call it Bounty Security, instead. For now, I have decided to offer the services as free. Then I will decide on how to price it.
 
Recommended Threads
Replies
5
Views
2,066
Replies
10
Views
5,094
Replies
26
Views
3,563

Latest Hosting OffersNew Reviews

Sponsors

Latest Blog ArticlesMost Viewed Threads

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top