Bounty Program Execution

5 automated security scanners

Purpose: Ensures consistent handling of security issues, equal treatment of researchers, and uniform application of company policies across different incidents.

What It Detects:

  • Identifies repeated language or templates used in responding to similar security issues.
  • Analyzes how researchers are acknowledged and rewarded across different reports.
  • Verifies that company policies are applied consistently across all security incidents.
  • Examines the language used in incident reports to ensure consistency.
  • Evaluates the tone and content of public communications regarding security incidents.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: This scanner is crucial for maintaining a uniform security posture and ensuring fair treatment of researchers, which directly impacts the company’s reputation and trust in its security practices.

Risk Levels:

  • Critical: Failure to handle issues consistently can cause significant damage to the company’s brand and to stakeholder trust.
  • High: Inconsistent handling of incidents may result in unfair treatment of researchers, leading to dissatisfaction and potential legal risks.
  • Medium: Variations in response times or language usage might indicate a lack of standardized security practices, affecting incident management efficiency.
  • Low: Minor inconsistencies may have little direct impact but should still be addressed as part of continuous improvement.
  • Info: These findings provide informational insights that can guide strategic decisions on improving internal processes and public communication strategies.

Example Findings:

  1. A company uses the same language in every response to data breach incidents, which the scanner identifies as a pattern of similar issue handling across different reports.
  2. Researchers report varying levels of acknowledgment and bounty payouts for the same type of vulnerability report, indicating potential inconsistencies in the equal treatment of researchers.

Purpose: The Duplicate Finding Management Scanner is designed to streamline the detection and handling of previously reported security issues. It prevents researchers from duplicating effort and ensures that credit for findings is allocated appropriately by identifying duplicate incidents, similar issues, and public disclosures across platforms such as GitHub, LinkedIn, news articles, job boards, and SEC filings.

What It Detects:

  • Previous Incident Reports: Identifies mentions of past security incidents or breaches in public records, searching for specific keywords related to data breaches, security incidents, unauthorized access, and compromised systems.
  • Researcher Credit Allocation: Checks for references to previous researchers who reported similar issues, ensuring that credit is given to original reporters by identifying duplicate findings.
  • Similar Issue Treatment: Compares new reports with existing ones to ensure consistent handling of similar security issues across different reports.
  • Public Records Review: Scans public sources such as GitHub, LinkedIn, news articles, job boards, and SEC filings for relevant information about past incidents, technology stack disclosures, and certification claims.
  • Code and Security Advisories Analysis: Searches GitHub repositories and security advisories for mentions of previously reported issues, analyzing code for patterns that indicate known vulnerabilities or similar security problems.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: This scanner is crucial for maintaining transparency and integrity in the security research community, ensuring that effort is not duplicated unnecessarily and that credit goes to the researchers who first reported a known issue. It helps avoid redundant work and ensures a consistent approach to handling similar vulnerabilities across different reports.

Risk Levels:

  • Critical: Conditions where there is an immediate threat to critical systems or data, requiring urgent attention and resolution.
  • High: Conditions where significant risk exists with potential severe consequences if not addressed promptly.
  • Medium: Conditions where the impact is notable but manageable, typically requiring a more structured response plan.
  • Low: Conditions where risks are minimal and can be managed through standard procedures.
  • Info: Conditions providing informational insights that do not directly affect security posture but may be useful for strategic planning.

If specific risk levels are not specified in the README, these general descriptions should guide understanding of the severity of potential findings.

Example Findings: The scanner might flag instances where a previously reported data breach is mentioned across multiple platforms or when similar vulnerabilities are detected in different parts of the codebase but have been previously disclosed and resolved.

Purpose: The Time-to-Resolution Patterns Scanner is designed to analyze breach disclosure language and remediation timelines in order to detect slow fix velocity, improper prioritization of issues, and the aging of security vulnerabilities. This tool helps identify organizations that may be underinvesting in timely security responses or failing to address critical issues promptly.

What It Detects:

  • Breach Mentions: The scanner identifies explicit mentions of data breaches, security incidents, unauthorized access, and compromised systems using patterns such as “data breach,” “security incident,” “unauthorized access,” and “compromised.”
  • Tech Stack Disclosure: It detects mentions of specific technology stacks that may indicate vulnerabilities or areas requiring attention, including AWS, Azure, GCP, Kubernetes, Terraform, Ansible, Docker, Splunk, Datadog, and Elastic.
  • Certification Claims: The scanner identifies claims of compliance with security standards and certifications such as SOC 2, ISO 27001, PCI DSS, and HIPAA compliance.
  • Remediation Timelines: It analyzes the time taken to address security issues and breaches, identifying patterns indicating slow response times or delayed remediation efforts.
  • Issue Aging: The scanner tracks the duration of known vulnerabilities and unaddressed security issues, detecting instances where critical issues remain unresolved for extended periods.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: This scanner is crucial for organizations aiming to maintain a robust security posture and ensure timely responses to potential breaches or vulnerabilities. It helps in identifying areas where investments could be optimized to enhance the overall security response time, thereby reducing risk exposure and maintaining stakeholder trust.

Risk Levels:

  • Critical: Conditions that require immediate attention, such as explicit mentions of data breaches with no remediation timeline provided, or significant delays in addressing vulnerabilities.
  • High: Conditions that pose a high risk include clear indications of inadequate tech stack management (e.g., lack of disclosure about specific technologies) and slow response times to breach disclosures.
  • Medium: This category includes situations where there are mixed signals regarding security practices, with some compliance claims but no detailed timeline for remediation or unresolved critical issues.
  • Low: Informational findings that do not directly impact the core risk profile but still warrant attention include minor discrepancies in disclosure language and minimal delays in addressing vulnerabilities.
  • Info: These are purely informational findings that provide context on security practices without being inherently risky.

Example Findings:

  1. The company’s website mentions a “data breach” but does not specify the nature of the incident or any timeline for remediation, indicating a critical risk due to lack of transparency and immediate action required.
  2. There is no mention of a specific technology stack in use, which could be considered medium-risk as it suggests potential vulnerabilities without clear management strategies.

Purpose: The Program Transparency Level Scanner evaluates the transparency of a company’s disclosure policies, fix timelines, and communication openness regarding security incidents. This tool helps identify whether a company is transparent about its security practices and how it handles breaches.

What It Detects:

  • Disclosure Policy Mentions: Identifies statements related to breach disclosure policies, checking for explicit mentions of data breach response plans and transparency commitments.
  • Fix Timeline Indicators: Looks for references to timelines for addressing security issues, detecting mentions of specific timeframes for patching vulnerabilities or resolving incidents.
  • Communication Openness Statements: Searches for indications of open communication channels during and after breaches, identifying statements about transparency in sharing information with stakeholders.
  • Breach Mentions: Detects references to past security incidents, data breaches, or unauthorized access events, including specific terms like “data breach,” “security incident,” “unauthorized access,” and “compromised.”
  • Technical Stack Disclosure: Identifies mentions of technology stacks used by the company, looking for keywords related to cloud services (AWS, Azure, GCP), container orchestration (Kubernetes), configuration management tools (Terraform, Ansible, Docker), and monitoring solutions (Splunk, Datadog, Elastic).

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: Understanding a company’s transparency level regarding security incidents is crucial as it directly impacts the trustworthiness and reliability of its services. Transparent companies are more likely to be trusted by customers, investors, and regulatory bodies, which can positively influence their market reputation and compliance posture.

Risk Levels:

  • Critical: Conditions that lead to a critical severity finding include explicit statements about security practices that are vague or generic and offer no concrete evidence of proactive measures taken after an incident.
  • High: Conditions for high severity include mentions of breach events without clear disclosure policies, lack of specific timeframes for fixing vulnerabilities, and minimal communication with stakeholders after the incident.
  • Medium: Conditions for medium severity involve ambiguous or unclear statements about security practices that do not provide substantial evidence of proactive measures or timely communications post-incident.
  • Low: Informational findings at low risk level are those that indicate basic compliance with standard disclosure policies, albeit without exceptional transparency or proactive communication strategies.
  • Info: This category includes purely informational disclosures about technology stacks used by the company, which do not directly impact security risk but provide context on technological capabilities and infrastructure.

If specific risk levels are not detailed in the README, they have been inferred based on the scanner’s purpose and potential impacts.

Example Findings:

  • “The company mentions a data breach without specifying details or any mention of proactive measures to mitigate future risks.”
  • “There is no clear timeline provided for fixing vulnerabilities mentioned during an incident, indicating poor fix timeline management.”

Purpose: The Report Handling Effectiveness Scanner evaluates the efficiency of breach reporting processes, accuracy of assessments, and completeness of resolutions by analyzing public records and open-source intelligence (OSINT) data. This helps identify potential gaps in how organizations handle security incidents.

What It Detects:

  • Breach Mentions: Identifies mentions of breaches or security incidents using patterns like “data breach”, “security incident”, “unauthorized access”, and “compromised”.
  • Tech Stack Disclosure: Detects disclosures of technology stacks used by the company, including AWS, Azure, GCP, Kubernetes, Terraform, Ansible, Docker, Splunk, Datadog, or Elastic.
  • Certification Claims: Looks for claims related to certifications such as SOC 2, ISO 27001, PCI DSS, and HIPAA compliance.
  • Subdomain Discovery: Discovers subdomains associated with the company’s domain using Certificate Transparency logs.
  • Breach History: Checks whether the company has a history of breaches by querying the HaveIBeenPwned API.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: This scanner is crucial as it helps organizations identify potential gaps in their breach reporting processes, ensuring that security incidents are handled efficiently and effectively. It aids in improving the overall security posture by highlighting areas where disclosures or certifications might be lacking.

Risk Levels:

  • Critical: The scanner identifies critical issues such as unreported breaches or significant data types compromised without prior disclosure.
  • High: High severity findings include incomplete or inaccurate breach disclosures and missing technology stack information that could lead to unauthorized access or other severe consequences.
  • Medium: Medium severity includes partial compliance with security certifications, which may not fully protect sensitive information but still represents a risk if left unaddressed.
  • Low: Low severity issues pertain to minor discrepancies in disclosure statements or subdomain discovery where the impact is minimal but should be resolved for completeness and accuracy.
  • Info: Informational findings are generally non-critical details that can be useful for further investigation but do not pose immediate risks.

Example Findings:

  • A company fails to disclose a significant data breach affecting customer email addresses and passwords, which could lead to severe consequences if left unaddressed.
  • The technology stack used by the company includes outdated or unsupported technologies like AWS Classic services instead of more secure alternatives such as AWS Lambda or Azure Functions.