Partner Article
Crowdsourced Open Bug Bounty Community reaches 1,000,000 vulnerabilities fixed milestone
Open Bug Bounty, an open community-driven Bug Bounty platform for vulnerability disclosure has passed the milestone on 27 October of fixing over 1,000,000 web security vulnerabilities.
The Open Bug Bounty project enables website owners to receive advice and support from security researchers around the globe in a transparent, fair and coordinated manner to make web applications better and safer for everyone’s benefit.
Open Bug Bounty hosts Bug Bounty programs for such companies as A1 Telekom Austria and Drupal, with over 20,000 security researchers.
Started by a group of independent security experts in June 2014, Open Bug Bounty is a non-profit platform designed to connect security researchers and website owners in a transparent, respectful and mutually valuable manner. Its purpose is to make the Web a safer place for everyone’s benefit.
A spokesperson from Open Bug Bounty commented: “The Open Bug Bounty project is an interesting phenomenon that demonstrates that global crowd security testing become a mature industry that can be a valuable enhancement for the corporate application security program. Traditional penetration testing and vulnerability scanning are merely the baseline of application security. Therefore, when security researchers with different backgrounds and experience complement your application security testing, this may bring additional findings that require unusual creativity and a lot of time to be discovered.
“Organizations should, however, be prudent when setting up a bug bounty program and ensure that external testing does not violate data protection legislation. For example, if you authorize external security researchers to test your production system, the former may access sensitive personal data or financial information. How, when and if this data will be eventually removed from researchers’ systems often remains unclear, let alone a situation when a researcher’s device is compromised by cybercriminals and the information is stolen by the bad guys.
“The project does not perceive itself to be a competitor of leading commercial bug bounty platforms. For example, we do not provide manual triage for RCE or SQL injection vulnerabilities, due to the high sensitivity and confidentiality of such submissions. For submissions like XSS or CSRF, we are, however, a perfect place that can significantly reduce costs by offering a turn-key managed solution for free. Furthermore, many young talents work on several platforms at once, including highly vetted Synack, and our website owners have access to the best talent, wherever they are based.”
This was posted in Bdaily's Members' News section by Open Bug Bounty .
Our Partners
Putting in the groundwork to boost skills
£100,000 milestone drives forward STEM work
Restoring confidence for the economic road ahead
Ready to scale? Buy-and-build offers opportunity
When will our regional economy grow?
Creating a thriving North East construction sector
Why investors are still backing the North East
Time to stop risking Britain’s family businesses
A year of growth, collaboration and impact
2000 reasons for North East business positivity
How to make your growth strategy deliver in 2026
Powering a new wave of regional screen indies