Vetted Researchers
Not every hacker is equal. BugBounty.am operates a rigorous vetting and approval process for security researchers before they can participate in any program. This ensures organizations receive high-quality, professional vulnerability reports from trusted, identity-verified researchers. Our researcher vetting process builds trust between organizations and the hacker community — creating a secure environment where both sides can operate with confidence.
Researcher Approval Process
A researcher registers on BugBounty.am and completes the KYC verification process, including identity documents and professional references. Our team reviews and approves their profile. Once vetted, the researcher gains access to public programs and can be invited to private ones. Their reputation score builds over time based on submission quality, accuracy, and adherence to program rules — creating a self-regulating community of trusted security professionals.
Every researcher must complete identity verification and KYC (Know Your Customer) before accessing any bug bounty program. We verify real identities, professional backgrounds, and track records to ensure only legitimate, ethical hackers participate on the platform.
Researchers earn reputation through consistent, high-quality submissions. Our scoring system tracks finding accuracy, severity, report quality, and responsible conduct — rewarding top performers with priority access to premium programs and higher reward tiers.
Organizations can choose between public programs open to all vetted researchers, or private programs with hand-picked, invitation-only participants. This gives you full control over who tests your systems based on their expertise, reputation, and specialization.
All researchers agree to a binding Code of Conduct and Rules of Engagement before participating. Violations — including unauthorized disclosure, scope creep, or data exfiltration — result in immediate suspension and permanent removal from the platform.