Recently, the Open Bug Bounty project also announced a revision of its internal processes to comply with the ISO 29147 standard.
Vulnerability details cannot be publicly disclosed until 90 days after the website owner has been notified.
Open Bug Bounty's average bounty payment is much lower than Google or Facebook XSS payouts.
However, some researchers get four-digit awards from the grateful website owners.
Many website owners write recommendations on researchers' profiles acknowledging their work and help.
Others send books, gadgets, branded gifts or even cakes and candies.
We even have people with legal background among our contributors.
How do you organize your operations?
Actually, there is no hierarchy or long-term planning.
We all spend some of our spare time on the project when we don't have other things to do.
Our community brings great ideas that we venture to implement without much delay.
What are the upcoming improvements, if any?
These are our priorities that we continuously implement whenever we have some time.
Do you compete with commercial bug bounty platforms?
We don't think so.
They have a completely different service and value proposition suitable for large organizations with mature cybersecurity.
We have a well-deserved success and recognition in our niche and we are pretty happy with it.
Do you plan to offer any commercial services on top of your platform?
We believe that bug bounty should remain open, transparent and beneficial only for the researchers and website owners.
What is your ultimate goal with your project?
Making the web a safer place.
We are not looking for glory or profit.
Joyful tweets from the community are the best award we may have.
And we are excited that we see such tweets more and more frequently.
If you are a website owner, admin or even an external cybersecurity service provider (e.g.
source: www.techworm.net