Expert On Not-for-profit Open Bug Bounty’s Record Growth In 2019

An alternative to costly commercial bug bounties, there is record growth in Open Bug Bounty program. We contacted the security expert to provide his comments on the growth of this open bug bounty program.

From their site: “With almost half-a-million vulnerability reports today, we are happy to present you a brief recap of our relentless and steady growth in 2019 attained with your valuable support and contribution that we greatly


  • 203,449 security vulnerabilities were reported in total (500 per day), representing a 32% yearly growth
  • 101,931 vulnerabilities were fixed by website owners, likewise showing a 30% growth compared to the previous year
  • 5,832 new security researchers joined the community, making the total number of researchers and security experts 13,532
  • 383 new bug bounty programs were created by website owners, now offering 657 programs in total with over 1342 websites to test

A spokesperson says on the blog post: “We are receiving a considerable number of incoming proposals from commercial companies to support the project, or even to merge with their own solutions and platforms. We may consider one or even several partnerships in 2020 to ensure even a faster development of our project, however, the Open Bug Bounty will always remain open, community-driven and free.”

On further digging on their site, they have testimonials on their site from the likes of IKEA, American Bar Association, Canon, Virgin Australia and more (on their home page). These companies have been approached by researchers via Open Bug Bounty who have found XSS or other vulnerabilities on their sites.


Ilia Kolochenko, Founder and CEO,  ImmuniWeb
January 17, 2020
The advantage of Open Bug Bounty project is that it’s free, and this will definitely attract its unique audience.
This is a quite impressive growth for a non-profit project. It even outshines commercial bug bounty platforms that raised millions in cash from VCs. Their community-driven approach seems to be sustainable, delivering transparency both for security researchers and website owners. Quite a lot of organizations complain that commercial bug bounty platforms initially appear to be less expensive than tr ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments

In this article