Bug Bounty Program

Description

UNGUESS Security is a continuous, always-on offensive security platform designed to help organizations scale vulnerability discovery and validation using a managed model and a community of vetted, certified ethical hackers working in close collaboration with internal security and engineering teams. 

At its core, UNGUESS Security combines two elements:

1. A trusted community of security researchers
   UNGUESS Security is backed by a growing community (with a strong Italian and French footprint) of certified professionals who are technically assessed, identity-verified (KYC), and contractually bound by terms, privacy policies, and a code of conduct. Researchers are ranked and invited to private programs based on proven performance, enabling companies to tap into diverse skill sets (web, mobile, API, cloud, IoT/OT, etc.) without the typical bottlenecks of hiring and retention: https://security.unguess.io/ 
2. A collaboration and governance platform
   UNGUESS Security provides a central platform to run offensive security programs end-to-end: scope definition, researcher engagement, submission handling, triage, communication with researchers, and operational reporting. Findings are delivered as actionable tickets with reproduction steps and can be integrated into existing workflows (e.g., Jira), allowing security teams to move from discovery to remediation without friction. 

Beyond Bug Bounty: a full suite of offensive services

UNGUESS Security extends the same community + platform approach to multiple offensive security needs, including:

• Vulnerability Disclosure Programs (VDP) and coordinated intake for external reports
• Vulnerability Assessment / Penetration Testing (VA/PT)
• Red Teaming augmentation (community-based specialist support for red team objectives)
• AI Security Testing for AI/LLM-enabled products (prompt injection/jailbreaks, sensitive data leakage, tool/plugin abuse, authorization bypass via AI flows, poisoning risks, and “controls in practice” validation) 
• Dark Web Intelligence, phishing simulations, and adjacent threat-focused services 
• Live-hacking events for time-boxed, high-intensity coverage
• etc. 

Why organizations adopt UNGUESS Security

UNGUESS Security is designed around the realities CISOs face today: expanding attack surfaces (APIs, cloud, IoT, AI), faster release cycles, rising threats/costs, and a structural talent shortage. By combining a vetted crowd with a governed platform, organizations get:

• Scale (many minds, many skills, parallel discovery)
• Speed (real-time alerts and faster remediation feedback loops)
• Cost control (success-fee logic, bounty caps, and flexible scope over time)
• Operational confidence (managed triage, deduplication, reporting, and integrations)

We work usually with CISO in big corporation Italy and France, like Carrefour, Iveco, Sisal, Edison, Poligrafico zecca dello stato, INPS, Regione Sicilia, FS, etc.