Non-Profit Open Bug Bounty Project Reaches Over 70,000 Fixed Vulnerabilities, Enhances Coordinated Disclosure

By ISBuzz Team, Writer, Information Security Buzz | Aug 03, 2017 06:00 am PST

The not-for-profit ethical hacker research community Open Bug Bounty recently announced a major milestone: its community has helped fix over 70,000 vulnerabilities since being founded by a group of security researchers and enthusiasts in June 2014.

Open Bug Bounty is a non-commercial project designed to connect security researchers and website owners in a transparent and open manner. It is part of a growing crowd security testing industry, mainly represented by commercial services managing bug bounties.

According to the Open Bug Bounty website, the main purpose of the project is to make the World Wide Web a safer place without putting unreasonable or excessive costs on website owners. Companies and organizations without formal bug bounty programs are invited to pay whatever they feel suitable (from a “thank you email” or a t-shirt to a gift card or some small cash) to researchers that have discovered vulnerabilities in their websites using non-intrusive testing techniques.

Prolific researchers are recognized with Open Bug Bounty achievement certificates for the number of fixed security flaws, with top security researchers helping websites to discover and patch vulnerabilities that could put their users at risk. Vulnerabilities on such websites as Facebook, Amazon, eBay, LinkedIn and BBC were patched thanks to Open Bug Bounty researchers.

Open Bug Bounty’s enhancements can be found here.

More information about the Open Bug Bounty project is available here.

Ilia Kolochenko, CEO of web security company High-Tech Bridge, commented on the news:

“Unlike commercial bug bounty programs, Open Bug Bounty leverages a different approach that covers a different market niche and seems to give quite impressive results. The announced updates can definitely bring more confidence and trustworthiness to the project. I think it can shape the crowd security testing industry as Let’s Encrypt is currently shaping the SSL certificate business for example – bringing fair and equal opportunities to everyone.”
