
Bug Bounty programs on openbugbounty

Posted: Tue Aug 11, 2020 11:03 pm
by tbm
Hi,

There is a complete misunderstanding of what a bug bounty is, and definitely a wrong start for openbugbounty about bug bounties.

Take a look, even Google translates:

Definitions of bug bounty
noun
1
a reward offered to a person who identifies an error or vulnerability in a computer program or system.
"a bug bounty program"


So, please, openbugbounty platform admins, can you remove any company that does not offer any rewards from the "Bug Bounty List"? It is annoying.
If they don't offer any reward, they are NOT different from other companies we find and report. Anyone who reaches us, we help already.
If they are listed on "bug bounty program page" then they should offer a reward.
Thanks.

Re: Bug Bounty programs on openbugbounty

Posted: Wed Aug 12, 2020 7:26 am
by x1admin
A website owner can express gratitude to a researcher for reporting a vulnerability in a way s/he considers the most appropriate and proportional to the researcher's efforts and help.

We encourage website owners to say at least a “thank you” to the researcher or write a brief recommendation in the researcher’s profile. There is, however, absolutely no obligation or duty to express gratitude in any manner. We promote positive, constructive and mutually respectful communications between website owners and security researchers.

Re: Bug Bounty programs on openbugbounty

Posted: Wed Aug 12, 2020 5:55 pm
by metamorfosec_id
x1admin wrote:
Wed Aug 12, 2020 7:26 am
A website owner can express gratitude to a researcher for reporting a vulnerability in a way s/he considers the most appropriate and proportional to the researcher's efforts and help.

We encourage website owners to say at least a “thank you” to the researcher or write a brief recommendation in the researcher’s profile. There is, however, absolutely no obligation or duty to express gratitude in any manner. We promote positive, constructive and mutually respectful communications between website owners and security researchers.
But "No possible awards" in many OBB Programs is like not showing respect to Researchers, as Researchers expect a Bug Bounty Program should provide a bounty, at least a "thank you" as you said.

Re: Bug Bounty programs on openbugbounty

Posted: Thu Aug 13, 2020 7:57 am
by x1admin
We don't want to remove programs w/o any awards from the list. Feel free to not send any reports to these programs and not waste time on their sites.

Re: Bug Bounty programs on openbugbounty

Posted: Mon Jan 04, 2021 11:55 pm
by Geek_Pwn
I've found the bug bounty programs section a bit annoying lately, many with zero fixed reports and the typical "No possible awards" caption. So I think that if OBB doesn't add a restriction in such cases, we hunters should add comments in the bug bounty program to warn other hunters about how that program works.