The Open Bug Bounty program, an alternative to costly commercial bug bounties, is seeing record growth. We contacted a security expert for his comments on the growth of this open bug bounty program.
From their site: “With almost half-a-million vulnerability reports today, we are happy to present you a brief recap of our relentless and steady growth in 2019 attained with your valuable support and contribution that we greatly
- 203,449 security vulnerabilities were reported in total (500 per day), representing a 32% yearly growth
- 101,931 vulnerabilities were fixed by website owners, likewise showing a 30% growth compared to the previous year
- 5,832 new security researchers joined the community, making the total number of researchers and security experts 13,532
- 383 new bug bounty programs were created by website owners, now offering 657 programs in total with over 1342 websites to test
A spokesperson says in the blog post: “We are receiving a considerable number of incoming proposals from commercial companies to support the project, or even to merge with their own solutions and platforms. We may consider one or even several partnerships in 2020 to ensure even a faster development of our project, however, the Open Bug Bounty will always remain open, community-driven and free.”
Digging further, their home page carries testimonials from the likes of IKEA, American Bar Association, Canon, Virgin Australia and more. These companies have been approached by researchers via Open Bug Bounty who have found XSS or other vulnerabilities on their sites.