Skip to main content

Frequently Asked Questions (FAQ)

Who runs SevHunt?

SevHunt is ran by Sam Mortenson, a software developer and security researcher who has worked as both a triager and bug-hunter in multiple bug bounty programs.

Can I use SevHunt if I already run an external bug bounty program?

Yes! You can think of SevHunt as just "more reports with a new scope", and since you are already doing external triage, internal work should be a breeze (ex: you're not going to get internal reporters arguing with you about payment, probably).

Can I use SevHunt if I don't have a security team?

Yes! Although, you should first make sure you have the capacity to actually triage and fix the bug reports you get. We want you to be successful, so make sure you have some individual or team who can take ownership of the program's success.

How is SevHunt built?

Amazingly in this day and age, by hand. We aren't against AI but didn't use it for development of the product, which we think has led to a more secure* and stable initial launch.

If you didn't mean this in a "Is this vibe coded?" way: SevHunt is a React single page app that uses NodeJS on the backend.

* Or at least, any security issues shouldn't be too surprising to us since we wrote the app.

How do you keep my data secure?

SevHunt uses client side encryption for everything involved in the reporting flow: titles, summaries, replication steps, replies, and even file uploads.

This means that a data breach at SevHunt, a bug in our authorization code, or a problem on your side cannot (trivially) result in exfiltration of your reports in plaintext.

SevHunt's report encryption is mostly about protecting us, not you. The best way to ensure your privacy is to make your (report) data unusable to us.

Note: Only report data is encrypted to allow employees on your side to visit SevHunt without having to learn what a public key is. If you have thousands of employees you probably don't want to manage shared encryption secrets anyway.

How do I contact you?

Please visit https://sevhunt.com/contact and login to ask your own questions!