
The Rise of the Open Bug Bounty Project

February 6, 2020
in Internet Privacy

Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you.

The once-skyrocketing bug bounty industry seems not to be in the best shape today. While prominent security researchers talk about a growing multitude of hurdles they experience with the leading commercial bug bounty platforms, the latter are trying to reinvent themselves as “next-generation penetration testing” or similar services. You be the judge of how successful they will be.


Generous venture funds have poured many millions into fast-spending bug bounty startups, which have not replaced Managed Penetration Testing (MPT) services (as some declared they would). However, these startups have improved the price/quality ratio of pen testing services on the global market.

Amid the uncertainty for the future of commercial bug bounty platforms, the not-for-profit Open Bug Bounty project has demonstrated quite impressive growth and traction in its annual report from 2019:


In 2019 alone, the non-commercial, ISO 29147-based bug bounty platform reported the following:

  • 203,449 security vulnerabilities were reported in total (500 per day), which is a 32% year-to-year growth
  • 101,931 vulnerabilities were fixed by website owners, showing a 30% growth compared to the previous year
  • 5,832 new security researchers joined the community, taking the total number of researchers and security experts to 13,532
  • 383 new bug bounty programs were created by website owners, now offering 657 programs in total with over 1,342 websites to test

Today, Open Bug Bounty already hosts 680 bug bounties, offering monetary or non-monetary remuneration for security researchers from over 50 countries. Global companies such as Telekom Austria, Acronis, or United Domains run their bug bounties at Open Bug Bounty.

Among happy website owners, who thanked the researchers for coordinated and responsible disclosure via the platform, one can find Dell, IKEA, Twitter, Verizon, Philips, several governmental institutions and international organizations, some law schools and law firms, and even the American Bar Association (ABA) – not to be confused with beer-drinking though.

Initially, Open Bug Bounty accepted submissions of XSS, CSRF, Improper Access Control, and other security issues on any website, conditional on strictly non-intrusive testing, coordinated disclosure and respect for its code of conduct.

In 2019, the platform evolved by enabling anyone to launch a bug bounty for his or her website without any fees or commissions, accessible to all 13,000 researchers.

Open Bug Bounty later announced the enhancement of the existing DevSecOps integrations with new tools and instruments, supplementing the already available SDLC integrations with Jira and Splunk.

Interestingly, the 2019 report also mentions growing interest from cybersecurity companies in partnering with or even acquiring the project; however, it clearly states that the platform will always maintain its openness and integrity.

We managed to get an exclusive interview with the Open Bug Bounty team about the future of the project:

How do you see 2020 for the Open Bug Bounty?
We will pursue our relentless expansion by adding new features, options, and integrations. We carefully listen to our community and try to implement all improvements beneficial for website owners and security researchers. Agility, simplicity, and reliability are all key priorities for us when building new features.

Do you plan to partner with a commercial bug bounty project or a cybersecurity company?
We are open to proposals that will help us improve the project, maintaining an open and cozy place for website owners, and security researchers, that is governed by respect and fairness.

Are you looking for venture funding or donations?
We are a small group of cybersecurity enthusiasts, spending our spare time on the project between family life and work. For the moment, we feel pretty comfortable with the workload and even managed to refresh the design making it brighter and cheerful. We purposely don’t accept donations and do not display commercial ads, given that our community is foremost driven by a dream to secure the Web.

How visible is your impact on the cybersecurity industry?
Our researchers and website owners are probably the best people to answer this question. From our side, we see an increasing number of cybersecurity students who start their practice with Open Bug Bounty, software developers helping their peers to maintain better security and professional bug hunters seeking a more transparent alternative to commercial bug bounty platforms. We drive attention to application security, promote the OWASP project, and try to raise global web security awareness amid website owners and software developers.

Do you perceive commercial bug bounty platforms as your competitors?
No, we rather complement each other in one way or another. It’s like open source software and commercial software. Their philosophy is fairly different, but they coexist in harmony and add value to each other. The more offerings that exist on the market, the better off consumers and other actors will be.

How can one get in touch with you?
There is a secure web form on our website. Drop us your contact details there, and we will get back to you.

On behalf of The Hacker News, we sincerely wish the Open Bug Bounty team a well-deserved success in what they do to improve global web security.


Credit: The Hacker News By: noreply@blogger.com (The Hacker News)
