(+84) 247 109 9656

What is Bug Bounty?

Bug Bounty is an enterprise security program that connects with a community of experts to find vulnerabilities in products such as websites, applications, network, API. For each bug found, the business will award a bounty to the bug hunter. This is a security model that has received a lot of attention from organizations and businesses today because of its efficiency and cost optimization.

Why use Bug Bounty


An effective Bug Bounty program implementation helps businesses find critical vulnerabilities 7 times faster and more efficiently than traditional forms of testing.

Cost effectiveness

Bug Bounty's bug-based reward model helps businesses optimize investment costs to find security bugs, minimize false alarms or pay a large fee for an inconsistent result. worthy.


According to our statistics, it takes an average of 2 days to find the first critical vulnerability after a customer deploys Managed Bug Bounty. Enterprises can also receive reports as soon as vulnerabilities are found and do not need to wait until the end of the reporting cycle.

Professional Bug Bounty Deployment

CyStack is proud to be the leading reputable Bug Bounty deployer in Vietnam with hundreds of satisfied customers.

Technology platform

Owning the WhiteHub community security platform with thousands of high-quality security experts, CyStack can help your business quickly find and fix dangerous security holes to ensure product development progress.

Professional Services

watch the tutorial

How it works

01. Information collection

CyStack works with customers to determine the size, purpose, and budget of the Bug Bounty program.

01. Information collection

CyStack works with customers to determine the size, purpose, and budget of the Bug Bounty program.

02. Planning

Determine the type of program that is right for the client. Develop Bug Bounty program policy. Allocate the reward for vulnerabilities according to the budget.

03. Program announcement

CyStack announces the program on the platform on behalf of the customer, posting the program launch on the media according to the customer's needs.

04. Receive reports and remediation

CyStack stands in the middle of receiving vulnerability reports, cleaning and categorizing reports, and sending PoC details with remediation recommendations to the customer's IT/Security team for remediation.

05. Re-check

After the customer's IT/Security team reports that it has been fixed, the experts check the vulnerability one last time to make sure it has been completely fixed.

Information collection


Program announcement

Receive reports and remediation


Types of Bug Bounty Programs

Public bug bounty

The public bug bounty program is open, all experts on the platform can see the existence of the Bug bounty program and can search and report vulnerabilities.

Private bug bounty

A private bug bounty is a program where the company invites only a certain number of experts to join the program to find bugs. Also the program information is kept confidential on the Bug bounty platform. Only invited experts know of the existence of the program and are allowed to participate in the vulnerability search.

Semi-private bug bounty

The semi-private bug bounty is a compromise between the two programs above. The semi-private Bug Bounty program can be seen by anyone, but only authorized experts can search for vulnerabilities.