Top 10 Ways to Get Started with Bug Bounty Hunting

Here are 10 easy ways to get started with bug bounty hunting for free: Participate in public bug bounty programs. There are a number of public bug bounty programs that you can participate in for free. These programs are typically run by open source projects or non-profit organizations. One example is the Google Vulnerability Reward…

Top 10 Bug Bounty Resources

The following is a list of the top 10 bug bounty sites in 2023, based on a combination of factors including popularity, reputation, and rewards offered: OpenBugBounty, HackerOne, Bugcrowd, Intigriti, YesWeHack, Cobalt, Synack, Immunefi, HackerX, Hackenproof. These sites offer a variety of bug bounty programs from companies of all sizes, from startups to Fortune 500…

What Is OpenBugBounty and How It Works

OpenBugBounty is a non-profit bug bounty platform established in 2014. It is a platform for coordinated, responsible, and ISO 29147 compatible vulnerability disclosure. OpenBugBounty allows security researchers to report XSS and similar security vulnerabilities on any website they discover using non-intrusive security testing techniques. The researchers may choose to make the details of the vulnerabilities…

Coordinated Vulnerability Disclosure

Coordinated Vulnerability Disclosure (CVD) is a process for disclosing security vulnerabilities to affected organizations in a way that minimizes the risk of harm to users. It is a voluntary process that is typically agreed upon by the vulnerability reporter, the affected organization, and a third-party facilitator. The CVD process typically involves the following steps: The…

What Is Bug Bounty

A bug bounty program is a deal offered by many websites, organizations, and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities. These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of…

Better Notifications Mechanism

Hey Folks, You probably noticed many small improvements of OBB made in April. We have also improved our website owner notification system to maximize rapidity, reliability and clarity of notifications. Some of you currently don’t have emails in your researcher profiles: this creates hurdles for website owners to reach out to you. Eventually, this slows down your…

Higher Submissions Quality Standard

Folks,

We are happy to be included in the top 5 most promising bug bounty programs of 2021 by TheHackerNews:

 https://thehackernews.com/2021/02/top-5-bug-bounty-programs-to-watch-in.html

The recognition, however, comes with the responsibility – an inalienable part of our project. During the last days we received several complaints about automated submissions of irrelevant findings such as WordPress XMLRPC file existence. The value of such submissions for website owners is at least questionable.

Therefore, as of today, all CWE-200 submissions without practical value – including phpinfo pages – will be rejected and deleted. You may still submit them within the scope of the running bug bounty programs – if the website owner expressly marked that s/he wishes to get such submissions.

We also remind you that the purpose of our project is quality of the submissions, not their quantity. All usage of automated tools will lead to account suspension – let’s bring value to the website owners and suitably support their efforts to secure their websites!

Brief Recap of Open Bug Bounty’s Record Growth in 2019

Dear Researchers and Website Owners,

First of all, we wish you a Happy and Secure New Year 2020!

With almost half-a-million vulnerability reports today, we are happy to present you a brief recap of our relentless and steady growth in 2019 attained with your valuable support and contribution that we greatly appreciate:

  • 203,449 security vulnerabilities were reported in total (500 per day), being a 32% yearly growth

  • 101,931 vulnerabilities were fixed by website owners, likewise showing a 30% growth compared to the previous year

  • 5,832 new security researchers joined the community, making the total number of researchers and security experts 13,532

  • 383 new bug bounty programs were created by website owners, now offering 657 programs in total with over 1342 websites to test

Best security researchers and top-rated Bug Bounty programs are available on the main page of our website, where we recently refreshed the design.

In 2020, we plan to introduce new features requested by the researchers and website owners to further improve their experience, accelerate smooth communications and reduce vulnerability remediation time.

New DevSecOps vulnerability data export options are also coming soon to facilitate crowd security testing integration with corporate CI/CD and DevSecOps strategy.

We are receiving a considerable number of incoming proposals from commercial companies to support the project, or even to merge with their own solutions and platforms. We may consider one or even several partnerships in 2020 to ensure an even faster development of our project; however, the Open Bug Bounty will always remain open, community-driven and free.

Please don’t hesitate to promote our project among your contacts and on social networks!

Thank you for making the Web a safer place with us!