Disclaimer: the articles are in Russian, but we encourage you to translate them.
Timeweb, one of the biggest web hosting players in Russia, has been a Zerocopter client in the past 6 months. They have been on the market since 2006 as a hosting company that hosts over 400,000 websites. But their services also include website builder, vps/vds, and domain registration. Besides their products and services, they are known for keeping a high standard in securing their platforms.
Because they are constantly launching new services, they reached the conclusion that they need to try bug bounty programs. They conducted a market analysis and decided upon one provided. After a while, they wrote an article about the advantages and disadvantages of bug bounty programs from their perspective and about what to pay attention to when you want to start one. (you can read the article here)
Now they decided to write a follow up article about their experience with this type of vulnerability assessment in the past 2 years and why, eventually, they chose to switch providers. Timeweb also pointed out the steps they considered important in taking such a decision and the possible courses of action.
One of the options was to create a bug bounty program on their own, but they realised that it was too difficult to create the platform, to engage researchers to test the product, control the projects and rewards. So they went back to searching for emerging platforms and they found Zerocopter. Timeweb was attracted by the range of the Zerocopter products which includes Coordinated Responsible Disclosure and also the scanner. Six months later, they are really happy with the 100+ reports and the support from Zerocopter.
We would like to thank Timeweb for their kind words. We couldn’t be happier! You can read all about their experience with bug bounty programs here.