Any Synack researchers?

zxshockaxz

I read an article the other day and stumbled upon www.synack.com, a crowd-sourced vulnerability assessment/penetration testing start-up. Pretty much (as I understood it. I was in a hurry), they have a private community of security professionals that have access to a bulletin board which says what is allowed to be attacked, and the rules of engagement. The first to discover/submit a report on a bug gets paid a bounty.

The community is invite only, but a form can be filled out to request an invite. They want a range of experience, from professionals to students.

I was just wondering if anyone here at TE did research for them as a part time thing? What are everyone's thoughts on this? My ears perked up when I read "students", since penetration testing is my career goal.

holysheetman

I just saw this thread, sorry for the lateness.

I was invited late last year and haven't found the time to actually contribute, but, it looks promising. It is the only crowdsourcing modelled programs that I have been apart of that actually gives the tester a 'pre-assessment' test. This is a good thing!

I just got an email the other day about them taking the platform down to patch the heartbleed openssl vuln; it was down for a mere 3 hours, then back up!