Open Bug Bounty has added a free service that will allow organisations to create their own bug bounty programme.
Open Bug Bounty, which has been operating since 2014, will allow any verified website owner to operate a programme for their own site and is being done for free, Open Bug Bounty said, to help improve relations between website operators and security researchers. Website operators sign up for the programme through Open Bug Bounty's Twitter feed.
While setting up the programme is free, if a researcher finds a bug the website owner will have to pay the bounty. However, Open Bug Bounty will triage and verify the submissions but otherwise will not intervene.
“This is an amazing development in the bug bounty industry. I think this can help a lot of SMEs and large companies that are unable to detect and remediate the integrity of website vulnerabilities through automated scanners or annual pentesting. Security researchers can also get some valuable practice for the benefit of the cyber-security industry – something that many graduates are missing today when applying for their first infosecurity job,” said Ilia Kolochenko, High-Tech Bridge CEO.