Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you.
The once-skyrocketing bug bounty industry seems not to be in the best shape today. While prominent security researchers are talking about a growing multitude of hurdles they experience with the leading commercial bug bounty platforms, the latter are trying to reinvent themselves as “next-generation penetration testing” or similar services. You be the judge of how successful they will be.
Generous venture funds have poured many millions into fast-spending bug bounty startups that have not replaced Managed Penetration Testing (MPT) services (as some declared they would). However, these startups have improved the price/quality ratio of pen testing services on the global market.
Amid the uncertainty about the future of commercial bug bounty platforms, the not-for-profit Open Bug Bounty project has demonstrated quite impressive growth and traction in its annual report from 2019:
In 2019 alone, the non-commercial, ISO 29147-based bug bounty platform reported the following: