Coordinated Disclosure Verified Alerts 218,001 coordinated disclosures
119,460 fixed vulnerabilities
176,208 websites, 16,396 VIP websites
5,875 researchers, 6,915 subscribers

  Please, login via Twitter first




Start Your Bug Bounty Program at Open Bug Bounty

Open Bug Bounty allows any verified website owners to run a bug bounty for their websites at no cost. The purpose of this non-profit activity is to make relations between website owners and security researchers sustainable and mutually beneficial in a long-term prospective.

Starting a bug bounty is free and open to everyone. Once logged in via Twitter, you can create you bug bounty program in a few minutes and get unlimited access to our security researchers. Once a vulnerability is reported, you will get instant notification to coordinate disclosure and remediation with researcher.

Open Bug Bounty does triage and verification of the submissions. However, we never intervene to the further process of your communication with the researchers, vulnerability remediation and disclosure. Once a vulnerability is verified and reported to you, our role in coordinated disclosure process is over.

General

Please carefully fill-in the form below to launch your bug bounty:

This will be a name under which your bug bounty will be displayed. Please use meaningful and relevant name to better guide the researchers.

Please read about type of vulnerability submissions and select the best one for you:

   Researchers will be able to submit both private and public submissions.
   Researchers will be able to submit private submissions only.

We will send notifications for domains from your scope to these email addresses. We do not share these email addresses with anybody.

Bug Bounty Scope

You will need to confirm your ownership of the website by placing a special security.txt file on it:

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

Please specify your Vulnerability Disclosure Program requirements. They will be displayed to security researchers:

Please specify technical or any other reasonable requirements for submissions (e.g. exclusion of self-XSS). Please specify any special requirements for testing methodologies (e.g. restriction to use vulnerability scanners). Please specify which rewards you may provide to the researchers who follow the above-mentioned requirements (e.g. recommendation in researcher's profile, mention in a Hall of Fame or something more valuable proportional to the researcher's efforts). Anything else you would like to bring to the attention of researchers community.

Other Submissions Handling

Open Bug Bounty does not accept security vulnerabilities that may require some sort of intrusive testing to be detected (e.g. SQL injection). Therefore, we do not accept, verify or store them on our platform. Nevertheless, as a website owner, you can specify how and where to report them if ever you wish them to be reported.



Please specify where and how (e.g. email) these vulnerabilities may be sent. You can provide your public PGP key here to encrypt the notifications sent via a method you specify above. Please specify technical or any other reasonable requirements for submissions (e.g. exclusion of self-XSS). Please specify any special requirements for testing methodologies (e.g. restriction to use vulnerability scanners). Please specify which rewards you may provide to the researchers who follow the above-mentioned requirements (e.g. recommendation in researcher's profile, mention in a Hall of Fame or something more valuable proportional to the researcher's efforts). Anything else you would like to bring to the attention of researchers community.

Need Any Help?

Need any help or have any questions about the bug bounty? The community forum is here to help!



  Latest VIP Submissions

hearthis.at
Reported by xx Helped patch 215 vulnerabilities
Received 4 Coordinated Disclosure badges
Received 15 recommendations
on 27.05.2018
sberometer.ru
Reported by dak Helped patch 1709 vulnerabilities
Received 7 Coordinated Disclosure badges
Received 32 recommendations
on 26.05.2018
mangooutlet.com
Reported by dak Helped patch 1709 vulnerabilities
Received 7 Coordinated Disclosure badges
Received 32 recommendations
on 26.05.2018
imovirtual.com
Reported by MiguelSantareno Helped patch 558 vulnerabilities
Received 5 Coordinated Disclosure badges
Received 13 recommendations
on 26.05.2018
esl-lounge.com
Reported by npuser500 Helped patch 1503 vulnerabilities
Received 7 Coordinated Disclosure badges
Received 13 recommendations
on 26.05.2018
englishwsheets.com
Reported by npuser500 Helped patch 1503 vulnerabilities
Received 7 Coordinated Disclosure badges
Received 13 recommendations
on 26.05.2018
eslprintables.com
Reported by npuser500 Helped patch 1503 vulnerabilities
Received 7 Coordinated Disclosure badges
Received 13 recommendations
on 26.05.2018
liveworksheets.com
Reported by npuser500 Helped patch 1503 vulnerabilities
Received 7 Coordinated Disclosure badges
Received 13 recommendations
on 26.05.2018
angop.ao
Reported by Gh05tPT Helped patch 77 vulnerabilities
Received 3 Coordinated Disclosure badges
on 26.05.2018
orsay.com
Reported by metamorfosec Helped patch 4 vulnerabilities
Received 0 Coordinated Disclosure badges
on 26.05.2018



  Latest Submissions

redstarinnovations.com
Reported by Dipu1A Helped patch 22 vulnerabilities
Received 1 Coordinated Disclosure badges
Received 1 recommendations
on 27.05.2018
sysmaticgpl.com
Reported by Dipu1A Helped patch 22 vulnerabilities
Received 1 Coordinated Disclosure badges
Received 1 recommendations
on 27.05.2018
hpmuseum.net
Reported by Dipu1A Helped patch 22 vulnerabilities
Received 1 Coordinated Disclosure badges
Received 1 recommendations
on 27.05.2018
oxfordsafetysupplies.com
Reported by Dipu1A Helped patch 22 vulnerabilities
Received 1 Coordinated Disclosure badges
Received 1 recommendations
on 27.05.2018
astatechinc.com
Reported by Dipu1A Helped patch 22 vulnerabilities
Received 1 Coordinated Disclosure badges
Received 1 recommendations
on 27.05.2018
debet.az
Reported by Dipu1A Helped patch 22 vulnerabilities
Received 1 Coordinated Disclosure badges
Received 1 recommendations
on 27.05.2018
eonhk.com
Reported by Dipu1A Helped patch 22 vulnerabilities
Received 1 Coordinated Disclosure badges
Received 1 recommendations
on 27.05.2018
antiseptica.com
Reported by Dipu1A Helped patch 22 vulnerabilities
Received 1 Coordinated Disclosure badges
Received 1 recommendations
on 27.05.2018
exfluor.com
Reported by Dipu1A Helped patch 22 vulnerabilities
Received 1 Coordinated Disclosure badges
Received 1 recommendations
on 27.05.2018
luzoma.com
Reported by Dipu1A Helped patch 22 vulnerabilities
Received 1 Coordinated Disclosure badges
Received 1 recommendations
on 27.05.2018