Non-profit Open Bug Bounty project reaches over 70,000 fixed vulnerabilities
August 2017 by Marc Jacob
The not-for-profit ethical hacker research community Open Bug Bounty recently announced a major milestone: its community has helped fix over 70,000 vulnerabilities since being founded by a group of security researchers and enthusiasts in June 2014.
Open Bug Bounty is a non-commercial project designed to connect security researchers and website owners in a transparent and open manner. It is part of a growing crowd security testing industry, mainly represented by commercial services managing bug bounties.
According to the Open Bug Bounty website, the main purpose of the project is to make the World Wide Web a safer place without putting unreasonable or excessive costs on website owners. Companies and organizations without formal bug bounty programs are invited to pay whatever they feel is suitable (from a “thank you email” or a t-shirt to a gift card or a small amount of cash) to researchers who have discovered vulnerabilities in their websites using non-intrusive testing techniques.
Prolific researchers are recognized with Open Bug Bounty achievement certificates for the number of fixed security flaws, with top security researchers helping websites to discover and patch vulnerabilities that could put their users at risk. Vulnerabilities on such websites as Facebook, Amazon, eBay, LinkedIn and BBC were patched thanks to Open Bug Bounty researchers.
Open Bug Bounty’s enhancements can be found here: https://www.openbugbounty.org/forum/viewtopic.php?f=5&t=466
More information about the Open Bug Bounty project is available here: https://www.openbugbounty.org/open-bug-bounty/