XSSPosed launches Open Bug Bounty programme for web flaws

XSSPosed has launched a worldwide Open Bug Bounty programme for various web vulnerabilities that include Cross-Site Scripting, SQL Injection, Open Redirect and Iframe Injection.

The XSSPosed website goes further than traditional bug bounties where only website owners can thank the researcher. The XSSPosed Open Bug Bounty can be given to a website visitor, journalist or a security company that manages the protection of the website.

A non-profit vulnerability archive, XSSPosed currently has almost 20,000 known vulnerabilities and over 1,000 subscribers.

Ilia Kolochenko, CEO of High-Tech Bridge, says that the: “Open Bug Bounty programme is a pretty interesting idea. Today, the majority of Bug Bounties that I know are still far from being perfect. Enabling all concerned parties to participate in the Bounty programme can change standard approaches to Bug Bounties. I think it has a lot of potential for growth.”