Due to the nature of the application, DarkHorse is not optimized for mobile devices. Please view it on a desktop or tablet for the best experience.
Cybersecurity is not optional. DarkHorse makes it possible.
DarkHorse is making proactive security accessible, affordable, & scalable for all.
Learn more about our mission, join the movement with a free VDP or bounty program, or click on the tools below to start experiencing a fresh take on the old rules (or go here to check out our pricing page).
Painless, Affordable, & Scalable Pentesting
Effortlessly purchase, setup, launch, and manage pentest engagements within minutes. From completely customizable fractional engagements, to in-depth, comprehensive pentests, to high-level assessments, we've got you covered. Start experiencing a better, more affordable experience today, try our out pentestimator below.
Instant, Affordable VDPs
(often free!)
Painlessly setup a VDP program that meets compliance and best practice requirements for your organization in five minutes or less.
Get started in seconds, or try out our VDP pricing estimator below.
Easy-To-Setup, Affordable Bug Bounties
(often free!)
Effortlessly setup a bounty program for your organization within minutes. Get started today, or try out our bounty pricing estimator.
Can't Decide What You Want / Need? Try Our Definitely-Not-AI-Decision-Helper-Thing
Unsure what's the right solution? Check out our one-pager on the topic, or try out our Decision-Helper-Thing by clicking above.Frequently Asked Questions
Everything you need to know about about DarkHorse
Why "DarkHorse"?
The wikipedia entry for "dark horse" starts with "A dark horse is a previously lesser-known person, team or thing that emerges to prominence in a situation, especially in a competition involving multiple rivals, that is unlikely to succeed but has a fighting chance..."
In our view, that's a perfect encapsulation of who we are. We're an upstart in the space, but despite having a large disadvantage in terms of starting position, we really do feel that we have a shot at making a mark on this industry. And for that reason, we believe we're literally and figuratively a Dark Horse. Also, it sounds cool. Or at least we think so.
In our view, that's a perfect encapsulation of who we are. We're an upstart in the space, but despite having a large disadvantage in terms of starting position, we really do feel that we have a shot at making a mark on this industry. And for that reason, we believe we're literally and figuratively a Dark Horse. Also, it sounds cool. Or at least we think so.
You have VDP, Bug Bounty, and Pentesting / Fractional Pentesting right now; what's next?
A lot. But first and foremost, there's a lot more to do on the platform to support those first three products... for instance, there's points and gamification to be built for bug bounty, as well as reporting (for all engagement types), and a whole lot more. There's other types of pentests to be able to support, other methodologies to build, and so on. There's a ton of other features we want to build, and are slowly working our way through (SDLC integrations, more and and more advanced predictive platform driven guidance, and a whole lot more). And so on... there's no shortage of things we're excited to build!
Is this really "for the greater good"?
We assure you that this isn't about building a cash machine. We're all about transparency, so we'll just run some quick numbers for you...
- Let's assume in year one we get ~10,000 reports. This is an astronomical number for an organization that is just starting out, but let's be ambitious.
- With 10,000 reports, we'll say that 80% of them come from paid programs. At $3 per report - that's a mere $24,000 for a full year. For context, that's less money than working at McDonalds. Keep in mind that we also offer to refund anyone this fee if they're not happy.
- But then there's the bounty commission - let's again pick a round number that's probably too high. Let's say we facilitate $100,000 in reward payments in the first year as well. With an average commission of 6%, that's a whopping $6,0000 - and of that, at least $5,000 or more will go into paying for currency exchange fees, transaction fees, identify verification fees, and so on.
- Add in hosting, marketing, and other costs, and there's hardly anything left over to pay anyone anything. Not to mention the months of unpaid effort that's gone into building the platform, let alone trying to sell and market it... and that's not even to speak of the costs of supporting it and our clients!
- Said differently: if we were doing it for the money, we'd be better off working at McDonalds. We went as low as we thought was safe, and then we went lower - because we're committed to the mission of making crowdsourced and offensive security accessible and affordable for everyone. Full stop.