Bug Bounty programs on openbugbounty

Questions or suggestions about the platform
tbm
Posts:14
Joined:Wed Jul 11, 2018 11:40 am
Bug Bounty programs on openbugbounty

Post by tbm » Tue Aug 11, 2020 11:03 pm

Hi,

There is a complete misunderstanding of what a bug bounty is, and definitely a wrong start for openbugbounty about bug bounties.

Take a look, even Google translates:

Definitions of bug bounty
noun
1. a reward offered to a person who identifies an error or vulnerability in a computer program or system.
"a bug bounty program"


So, please, openbugbounty platform admins, can you remove any company that does not offer any rewards from the "Bug Bounty List"? It is annoying.
If they don't offer any reward, they are NOT different from other companies we find and report. Anyone who reaches us, we help already.
If they are listed on "bug bounty program page" then they should offer a reward.
Thanks.

x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Bug Bounty programs on openbugbounty

Post by x1admin » Wed Aug 12, 2020 7:26 am

A website owner can express gratitude to a researcher for reporting a vulnerability in a way s/he considers the most appropriate and proportional to the researcher's efforts and help.

We encourage website owners to say at least a “thank you” to the researcher or write a brief recommendation in the researcher’s profile. There is, however, absolutely no obligation or duty to express gratitude in any manner. We promote positive, constructive and mutually respectful communications between website owners and security researchers.

metamorfosec_id
Posts:269
Joined:Mon Apr 30, 2018 7:35 am

Re: Bug Bounty programs on openbugbounty

Post by metamorfosec_id » Wed Aug 12, 2020 5:55 pm

x1admin wrote:
Wed Aug 12, 2020 7:26 am
A website owner can express gratitude to a researcher for reporting a vulnerability in a way s/he considers the most appropriate and proportional to the researcher's efforts and help.

We encourage website owners to say at least a “thank you” to the researcher or write a brief recommendation in the researcher’s profile. There is, however, absolutely no obligation or duty to express gratitude in any manner. We promote positive, constructive and mutually respectful communications between website owners and security researchers.

But "No possible awards" in many OBB programs is like not showing respect to researchers, as researchers expect that a bug bounty program should provide a bounty, at least a "thank you" as you said.

x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Bug Bounty programs on openbugbounty

Post by x1admin » Thu Aug 13, 2020 7:57 am

We don't want to remove programs w/o any awards from the list. Feel free not to send any reports to these programs and not to waste time on their sites.

Geek_Pwn
Posts:9
Joined:Sun Sep 17, 2017 9:45 pm

Re: Bug Bounty programs on openbugbounty

Post by Geek_Pwn » Mon Jan 04, 2021 11:55 pm

I've found the bug bounty programs section a bit annoying lately, many with zero fixed reports and the typical "No possible awards" caption. So I think that if OBB doesn't add a restriction in such cases, we hunters should add comments in the bug bounty program to warn other hunters about how that program works.
