TrustRadius

Bugcrowd vs. YesWeHack

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Bugcrowd
Score 9.5 out of 10
Mid-Size Companies (51-1,000 employees)
Bugcrowd connects companies' security and dev teams to vetted and talented security researchers worldwide to run crowd-powered private and public bug bounty programs.N/A
YesWeHack
Score 0.0 out of 10
N/A
YesWeHack is a Bug Bounty and Vulnerability Management Platform. Founded by ethical hackers in 2015, YesWeHack connects organisations worldwide to tens of thousands of ethical hackers, who uncover vulnerabilities in websites, mobile apps, connected devices and digital infrastructure. Bug Bounty programs benefit from in-house triage, personalised support, a customisable model and results-based pricing. Clients include Tencent, Swiss Post, Orange France and the French…N/A
Pricing
BugcrowdYesWeHack
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
BugcrowdYesWeHack
Free Trial
NoNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
YesYes
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
BugcrowdYesWeHack
User Ratings
BugcrowdYesWeHack
Likelihood to Recommend
8.0
(1 ratings)
-
(0 ratings)
User Testimonials
BugcrowdYesWeHack
Likelihood to Recommend
Bugcrowd
Bugcrowd is great for bug bounty programs and as a cheaper alternative to a full-blown penetration test. Small to medium-sized companies who are serious about security, but don't have the budget for a $40,000 penetration test, this is a great solution. Bugcrowd isn't going to be able to do much of the white-box penetration testing (code reviews), as they are more suited for grey-box and black-box. A program like this will need at least one dedicated person to work with the moderator, verify findings, and decide on the severity of the finding.
Chase Palmer, CISSP | TrustRadius Reviewer
Chase Palmer, CISSP
Security Engineer II
Read full review
YesWeHack
No answers on this topic
Pros
Bugcrowd
  • Having a pool of security researchers helps keep the penetration tests broad, getting the most bang for your buck.
  • The integration with Slack makes it easy to keep tabs on the program and when new findings are submitted.
  • The interface is pretty simple to use and fairly intuitive.
Chase Palmer, CISSP | TrustRadius Reviewer
Chase Palmer, CISSP
Security Engineer II
Read full review
YesWeHack
No answers on this topic
Cons
Bugcrowd
  • The success of your program highly depends on the moderator that is assigned to your project. A good moderator will continue to find researchers until the quota is full. Less than stellar moderators will send out one invite and sees what sticks.
  • Not all researchers are as professional as one might hope. This can ruin the experience.
Chase Palmer, CISSP | TrustRadius Reviewer
Chase Palmer, CISSP
Security Engineer II
Read full review
YesWeHack
No answers on this topic
Alternatives Considered
Bugcrowd
Budget was ultimately the reason we went with Bugcrowd initially. Bugcrowd allowed for us to come up with our own bounty scale to fit out budget. Most other companies had a fixed scale, or the scale was not as flexible as we wanted it. Traditional penetration testing companies were very expensive.
Chase Palmer, CISSP | TrustRadius Reviewer
Chase Palmer, CISSP
Security Engineer II
Read full review
YesWeHack
No answers on this topic
Return on Investment
Bugcrowd
  • We have received some great results for a great price. We've also received some poor results at the same price.
  • Bugcrowd is not always recognized as a "real" penetration test, but for the most part, we have not had any problems with customer accepting our reports.
  • Overall, Bugcrowd has been an overall good experience, but we have had a poor moderator from time-to-time that has resulted in less than ideal results.
Chase Palmer, CISSP | TrustRadius Reviewer
Chase Palmer, CISSP
Security Engineer II
Read full review
YesWeHack
No answers on this topic
ScreenShots

Bugcrowd Screenshots

Screenshot of the Bug Bounty Summary PageScreenshot of the Pen Test DashboardScreenshot of the Insights Dashboard

YesWeHack Screenshots

Screenshot of Public programs These give the entire hunter community access to an organization's program to benefit from their diverse skills. YesWeHack Hunters can access all public programs of the platform.Screenshot of the Report Lifecycle dashboard, used to track key operational metrics and benchmark data against industries, other programs, country averages, or even the overall platform average - to improve an organization's security posture.Screenshot of the Business Unit Manager dashboard, used to track the performance of programs with a of display real-time metrics.Screenshot of a Bug Timeline dashboad, used to analyze the timeline to understand trends in reported bugs over time, grouped by severity level.Screenshot of a leaderboard. Here, organizations can earn ranking points by submitting vulnerability reports, based on the severity of the issue and the applicable reward grid.