The not-for-profit ethical hacker research community Open Bug Bounty recently announced a major milestone: its community has helped fix over 70,000 vulnerabilities since being founded by a group of security researchers and enthusiasts in June 2014.
Open Bug Bounty is a non-commercial project designed to connect security researchers and website owners in a transparent and open manner. It is part of a growing crowd security testing industry, mainly represented by commercial services managing bug bounties.
According to the Open Bug Bounty website, the main purpose of the project is to make the World Wide Web a safer place without putting unreasonable or excessive costs on website owners. Companies and organizations without formal bug bounty programs are invited to pay whatever they feel suitable (from a “thank you email” or a t-shirt to a gift card or some small cash) to researchers that have discovered vulnerabilities in their websites using non-intrusive testing techniques.
Prolific researchers are recognized with Open Bug Bounty achievement certificates for the number of fixed security flaws, with top security researchers helping websites to discover and patch vulnerabilities that could put their users at risk. Vulnerabilities on such websites as Facebook, Amazon, eBay, LinkedIn and BBC were patched thanks to Open Bug Bounty researchers.
Open Bug Bounty’s enhancements can be found here.
More information about the Open Bug Bounty project is available here.
Ilia Kolochenko, CEO of web security company High-Tech Bridge, commented on the news.
Ilia Kolochenko, CEO at High-Tech Bridge:
“Unlike commercial bug bounty programs, Open Bug Bounty leverages a different approach that covers a different market niche and seems to give quite impressive results. The announced updates can definitely bring more confidence and trustworthiness to the project. I think it can shape the crowd security testing industry as Let’s Encrypt is currently shaping the SSL certificate business for example – bringing fair and equal opportunities to everyone.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.