top of page

Bring continuous online security to every organisation

Start your own Bug Bounty Program with Com Olho

How it Works

Meet Com Olho all-in-one solution
for Cyber Security Officers

A one-stop platform to find, fix and reward bug hunters.

Create Programs



Fix & Reward

in Real Time

By harnessing the collective expertise of global cyber sleuths, we're turning challenges into opportunities, transforming bugs into bounties, and making the web safer, one discovery at a time. Every coder, hacker, and cybersecurity enthusiast finds more than just vulnerabilities here; they find a community, a challenge, and a reward for their unparalleled skills. 

Bug Bounty Platform India

Validation & Reporting

  • Submission Review: The security team reviews each submitted vulnerability for validity, impact, and exploitability.

  • Validation: The team tries to reproduce the vulnerability using the provided PoC or steps. If successful, the vulnerability is considered validated.

  • Severity Assessment: Assign a severity level to the vulnerability (e.g., Critical, High, Medium, Low) based on its potential impact.

  • Reward Determination: Rewards are determined based on the severity, quality of the report, and potential risk. Higher rewards are often given for more severe vulnerabilities.

  • Communication: Notify the researcher of the validation result and the reward amount. Some programs may involve negotiation with the researcher regarding the reward.


  • Fix and Mitigation: The development or security team works on fixing the validated vulnerabilities promptly to enhance security.

  • Communication: Maintain open communication with the researcher throughout the resolution process, providing updates on the progress.

  • Verification: After fixing the vulnerability, the researcher may be asked to verify whether the issue has been successfully resolved.

  • Acknowledgment and Reward: Publicly acknowledge the researcher's contribution, often by adding their name to a Hall of Fame or acknowledgment page. Provide the agreed-upon reward, either monetary or non-monetary.


Define a Scope

  • Identify Scope: Define the specific applications, websites, platforms, or systems that are within the scope of the bug bounty program. This can include web applications, mobile apps, APIs, hardware devices, and more.

  • List In-Scope Items: Clearly list what is considered in-scope, including URLs, IP ranges, and functionalities that researchers are allowed to test.

  • Define Vulnerabilities: Specify the types of vulnerabilities that are of interest, such as Cross-Site Scripting (XSS), SQL Injection, Remote Code Execution, and more.

  • Set Restrictions: Clearly outline what is out of scope. For example, social engineering attacks, physical attacks, and attacks on third-party applications may be considered out of scope.

Research & Reporting

  • Research Phase: Researchers begin testing the in-scope targets for vulnerabilities based on the defined criteria.

  • Discovery: When a researcher discovers a vulnerability, they document the details, including steps to reproduce, impacted systems, and potential impact.

  • Responsible Disclosure: Researchers submit their findings through the designated channel, often a submission portal provided by the bug bounty platform.

  • Proof of Concept (PoC): Researchers might include a PoC to demonstrate the exploitability of the vulnerability.


bottom of page