Frequently Asked Questions
Clear answers to how DarkByte Solutions handles vulnerability disclosure, bug bounty programs, and security reports.
Is the Vulnerability Disclosure Page really free?
Yes. We provide an initial VDP setup and hosting for free for new organizations, so you can see how managed disclosure and triage work in practice. You only pay if you later choose a paid service plan (for example, ongoing triage or a specific bounty model).
Will DarkByte test our systems without permission?
No. DarkByte does not perform any security testing on your systems without your explicit, written authorization and a defined scope. Testing is only carried out under your approved VDP or bug bounty program rules.
Do we have to pay bug bounties?
No. Many organizations start with disclosure-only programs (VDPs) that provide recognition but no financial bounty. You can choose to add monetary rewards later, and you control the bounty ranges and eligibility rules.
How does DarkByte make money if VDP setup is free?
Free VDP setup is our way to demonstrate our managed triage and coordination service. We earn revenue from paid plans such as ongoing VDP hosting, triage, limited bug bounty programs, and pay-per-bug platform fees.
How fast do you respond to new reports?
Response times depend on the service tier, but typically initial triage happens within 2–3 working days. For higher tiers and critical issues, faster response targets can be agreed in advance.
Can we stop or pause our program?
Yes. You can pause or disable your VDP or bug bounty program at any time. Once disabled, we will update the program status so researchers know not to test or submit new reports.
Who are the researchers testing our systems?
Vulnerabilities are found and reported by independent security researchers who join your approved programs. DarkByte sits in the middle to triage submissions and coordinate communication; we do not hire unknown testers without your knowledge.