Bug Bounty Program runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene in the further process of vulnerability remediation and disclosure between and researchers.

The bug bounty program allows private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

Non-Intrusive Submissions Handling

This section covers submissions of vulnerabilities that do not require intrusive testing, as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect
- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

No general requirements

Testing Requirements:

No testing requirements

Possible Awards:

No possible awards

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

- Response Time: How quickly researchers get responses to their submissions.
- Remediation Time: How quickly reported submissions are fixed.
- Cooperation and Respect: How fairly and respectfully researchers are being treated.

Researcher's comments

No comments so far.
