|
|
|
|
|
|
by tptacek
2010 days ago
|
|
|
It seems like what you're describing here is simply a bug bounty program. The reason companies pay for app pentests and also run bug bounties is that the two modalities find different kinds of bugs. App pentesters generally get a lot of intel about their targets (source is not unusual). You're also getting a team with bios and a final deliverable that records the diligence work done, which is not an outcome you get with a bounty program. But you can do things in between. It's not crazy to offer a gig to someone who has delivered a good finding on a bounty project. But you have to do something to incentivize them beyond what the bounty already does, and the most normal way to do that is to not make payment contingent. |
|
|