Where a Force of One becomes a Force of Many
FORCE LABS performs security research and cyber defense testing on a contractual basis for original equipment manufacturers and for companies building or using unique or niche products that they want exposed to comprehensive security testing. This includes traditional vulnerability testing with a much wider tool set, penetration testing, fuzzing, customized testing, and other advanced testing techniques that help you identify security weaknesses or optimization opportunities in your product. FORCE LABS offers several testing options and follows its rules of responsible disclosure when communicating or facilitating bug and vulnerability disclosures to the impacted or responsible parties. Please read more about our rules of responsible disclosure and our disclosure assistance program below.
FORCE LABS can directly sponsor your bug bounty by offering your product and the associated bounty exclusively to the lab's members. Because disclosure rules and disclosure assistance are obligations under the lab's member contracts, this option guarantees they will be followed. When testing is restricted to FORCE LABS members, your product is tested by hundreds of veterans, college students, and the lab's professional mentors, who bring a range of cyber defense specialties. The lab requires a longer testing period than a conference bounty and issues a Cyber Defense Center testing seal when the research and extended testing are complete.
Contact us today to learn more about FORCE LABS exclusive testing for your products. The sooner you start, the sooner your product can be optimized against threats.
Once your company has established a bug bounty, FORCE LABS, through the Cyber Defense Center, can introduce your product and the associated bounty at Blackhat or Defcon through a product-aligned village. The bounty can be sponsored by your company or by the lab directly, which keeps your company's participation anonymous. This requires a contractual obligation and funding for the bounty prior to submission. FORCE LABS and the aligned village each receive a small portion of the bounty as a donation for sponsoring the bounty and providing disclosure assistance; the remainder is paid directly to the hacker once verification and validation are complete. This option carries a risk: neither FORCE LABS, Defcon, nor the facilitating village can require a researcher to disclose their findings in order to be considered for the bounty.
Contact us today to learn more about FORCE LABS hacker conference testing. Hacker conference testing allows you to observe and modify test parameters, and you can keep your company's name off the bounty while still receiving the benefits of disclosure.
FORCE LABS also participates in networks that can expose your product to crowd testing by thousands of hackers worldwide. FORCE LABS can either facilitate your bounty or directly represent it within these forums. This is the most comprehensive testing option, but its much wider reach also carries a higher disclosure risk.
This is the fastest path to testing results. Allow FORCE LABS to facilitate your crowd hacker bounties today.
FORCE LABS can help your company write testing challenges, design trophies, and publish rules of engagement that restrict or limit the testing parameters. Ideally, testing has no rules of engagement. In many cases, however, such as interactive testing performed in physical proximity to the product, FORCE LABS can prohibit test activities that would damage the product and end its operational state. One example is restricting power attacks that may damage or destroy circuits, boards, or electronic operation, rendering the product unusable for further testing. If the product's ongoing operational state or integrity must be preserved, FORCE LABS can help design a test that achieves the desired outcomes within those limits.
Just need assistance designing or writing your security testing plans? Reach out to FORCE LABS to have security testing independently designed for your specific product or service.
TESTING OPTIONS:
1) EXCLUSIVE - FORCE LABS HACKER BOUNTY
2) HACKER CONFERENCE BOUNTY
3) CROWD HACKER BOUNTY
4) CHALLENGES AND RULES OF ENGAGEMENT
CONFERENCE TESTING:
FORCE LABS can participate in one or more conferences to facilitate HACKER CONFERENCE BOUNTIES. This can be an industry-specific conference associated with your product or a security industry conference. FORCE LABS or you can choose from the following conferences:
1) RSA Conference;
2) Blackhat;
3) Hacker Halted; and
4) Defcon Las Vegas.
CERTIFICATION:
When testing includes the exclusive FORCE LABS hacker bounty, or when FORCE LABS designs the product testing parameters and facilitates a crowd or conference bounty, security testing certification from the Cyber Defense Center may be included in the scope of testing.
The FORCE LABS responsible disclosure rules encourage or require (depending on the bounty option selected) that all participating security researchers and hackers submit impactful security bugs, weaknesses, or configuration flaws found in the product or products under test directly to FORCE LABS and/or the test sponsor, so that the company has an opportunity to resolve the findings. This is a good-faith effort to ensure that all impactful findings from authorized testing are resolved quickly, safely, and without harm to the organization, consumers of the product, or the public at large.
Therefore, to initiate a FORCE LABS facilitated bounty, FORCE LABS and the sponsor MUST have a mutually agreed upon disclosure process that includes:
1) a channel of communication with the contact at the affected organization for the products under test;
2) a process for securely submitting research and impactful vulnerabilities to the pre-defined contact at the affected organization;
3) a method and timeframe to verify and validate research and disclosures submitted for the product(s) under test;
4) a method to approve the bounty distribution, accompanied by a message of gratitude from the testing sponsor;
5) a timeframe and secondary researcher engagement protocol to retest and validate the adequacy of remediation; and
6) disclosure to CERT and the NVD, with credit to the security researcher and FORCE LABS, for any finding that has completed the disclosure process.
FORCE LABS embraces and facilitates balanced rules of responsible disclosure. FORCE LABS coordinates both private and full public disclosure using bounties with pre-defined testing parameters. All FORCE LABS testing is explicitly authorized, either by the manufacturer of the product or by a customer with the right to audit it. The testing sponsor MUST be responsive and transparent during the testing process, and the researcher MUST act in good faith. When mutual benefit is established through a well-coordinated bounty, FORCE LABS facilitates responsible testing and disclosure between the two parties to ensure safe and secure outcomes.