Open Bug Bounty
   HOME

TheInfoList



Click Here for Items Related To - Open Bug Bounty
OR:
Open Bug Bounty on:   [Wikipedia]   [Google]   [Amazon]

Open Bug Bounty is a non-profit
bug bounty A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabiliti ...
platform established in 2014. The
coordinated vulnerability disclosure In computer security, coordinated vulnerability disclosure, or "CVD" (formerly known as responsible disclosure) is a vulnerability disclosure model in which a vulnerability or an issue is disclosed to the public only after the responsible parties ...
platform allows independent security researchers to report
XSS Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may ...
and similar security vulnerabilities on any website they discover using non-intrusive security testing techniques. The researchers may choose to make the details of the vulnerabilities public in 90 days since vulnerability submission or to communicate them only to the website operators. The program's expectation is that the operators of the affected website will reward the researchers for making their reports.


Program

Unlike commercial bug bounty programs, Open Bug Bounty is a non-profit project and does not require payment by either the researchers or the website operators. Any bounty is a matter of agreement between the researchers and the website operators.
Heise.de Heise (officially ''Heise Gruppe'') is a German media conglomerate headquartered in Hanover. It was founded in 1949 by Heinz Heise and is still family-owned. Its core business is directory media as well as general-interest and specialist media ...
identified the potential for the website to be a vehicle for blackmailing website operators with the threat of disclosing vulnerabilities if no bounty is paid, but reported that Open Bug Bounty prohibits this. Open Bug Bounty was launched by private security enthusiasts in 2014, and as of February 2017 had recorded 100,000 vulnerabilities, of which 35,000 had been fixed. It grew out of the website XSSPosed, an archive of
cross-site scripting Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may ...
vulnerabilities. In February 2018, the platform had 100,000 fixed vulnerabilities using coordinated disclosure program based on ISO 29147 guidelines. Up to the end of 2019, the platform reported 272,020 fixed vulnerabilities using coordinated disclosure program based on ISO 29147 guidelines.


References


External links

*{{official, https://www.openbugbounty.org/ Computer security exploits Computing websites 2014 establishments