A few answers to your questions
A Vulnerability Rewards Program (VRP), or bug bounty program, is offered by an enterprise so that individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. These programs allow developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse.
SafeHats is the Vulnerability Rewards Program run by Instasafe, through which your enterprise can leverage the brainpower of security researchers to pentest your apps.
You can sign up at the SafeHats website, after which you:
1. Create your VRP
2. Launch the program
3. Get filtered reports from SafeHats
Applications are attacked without invitation too. Indeed, you are incentivizing researchers to discover bugs sooner, thereby limiting the chances of a security threat.
A private program is one where invitations are sent only to the SafeHats-curated list of security researchers.
A public program is one where invitations are sent to all the security researchers registered with SafeHats.
All security researchers have to agree to the standard disclosure policy in order to be part of a VRP. Additionally, they have to agree to each company-specific disclosure policy and its terms and conditions. You can also specify the eligibility, the scope of the program, and the rewards researchers will receive in exchange for the vulnerabilities they identify, which keeps them motivated to work with you.
It’s best to run your programs now with a time frame of 1 month to 3 months. We will be launching ongoing programs in a while.
Data is encrypted before being stored in our system. Only your team members with access privileges will be able to see your data.