Open Bug Bounty consists of a team of no more than 10 researchers from several countries with backgrounds in IT, cyber security and law, who work to verify vulnerabilities, promptly notify website owners of the flaws and make the Web a safer place for everyone’s benefit.
The white hat hackers of Open Bug Bounty recently announced that their number of recorded bug bounties had reached 100,000 and that they had completed the revision of their internal process to comply with the ISO 29147 standard.
The group is not looking to profit from the vulnerabilities it reports and only looks to improve the safety of the web. “The team are not looking for glory or profit,” a spokesperson for the team said. The group invites data security researchers to join.
The program allows any data security researcher to report a vulnerability on any website, as long as the vulnerability is discovered without using intrusive testing techniques and is reported following responsible disclosure guidelines.
High-Tech Bridge Chief Executive Officer Ilia Kolochenko celebrated the platform’s success and said the program fills the niche for good-faith cyber security researchers and SMEs or NGOs that lack resources to buy penetration testing services or run their own full-scale bounty program.
“People should keep in mind that any crowd cyber security testing can never substitute an application security program, with SDLC, DevSecOps and continuous data security monitoring,” Kolochenko said. “Auxiliary technologies, such as web application firewalls, should also be implemented and maintained to enable proactive security.”