Table of contents
If someone has reported a potential exploit via openbugbounty.org and has contacted you saying you must disclose this issue, how must you go about that to be compliant? Source: almost 2 years ago
Also depending on where you're at (e.g. Which country), it may be perfectly legal for you to test for non-instrusive vulns (I.e. xss/csrf/redirects) legally without permission, as long as you aren't actually weaponizing them.. So I used to test for that stuff against live sites in the wild and then report it via projects like https://openbugbounty.org/ just as a way to get some practice in against live targets. Source: over 2 years ago
I used Open Bug Bounty quite a lot, but to be honest, most of it was just sending e-mails to the affected company. I suppose you could call it cold calling. Source: almost 3 years ago
Do you know an article comparing Open Bug Bounty to other products?
Suggest a link to a post with product alternatives.
This is an informative page about Open Bug Bounty. You can review and discuss the product here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.
