Open Bug Bounty has added a free service that will allow organizations to create their own bug bounty program.Open Bug Bounty, which has been operating since 2014, will allow any verified website owner to operate a program for their own site and is being done for free, Open Bug Bounty said, to help improve relations between website operators and security researchers. Website operators sign up for the program through Open Bug Bounty's Twitter feed.
Start your Open Bug Bounty now! It's simple and free: https://t.co/neN6xds63a— Open Bug Bounty (@openbugbounty) May 28, 2018
While setting up the program is free, if a researcher finds a bug the website owner will have to pay the bounty. However, Open Bug Bounty will triage and verify the submissions but otherwise will not intervene.
“This is an amazing development in the bug bounty industry. I think this can help a lot of SMEs and large companies that are unable to detect and remediate the integrity of website vulnerabilities through automated scanners or annual pentesting. Security researchers can also get some valuable practice for the benefit of the cybersecurity industry – something that many graduates are missing today when applying for their first infosecurity job,” said Ilia Kolochenko, High-Tech Bridge CEO.