Does anyone actually look at the #OpenBugBounty platform's contact page? My account over there has added a random Twitter account and there doesn't seem to be a way to remove it. I have no idea WTF is going on.
Yesterday I got a #scam email allegedly from #OpenBugBounty (from a slightly different email address, note the typo) about a vulnerability but with no details, asking to contact by email to a Gmail address.
I immediately reported to #namesilo (the domain registrar) and openbugbounty[.]org. Today the scam domain has been deactivated! That was pretty fast!
Hi #itsecurity folks. I have a question for a friend:
My friend got contacted by #OpenBugBounty about a vulnerability in his website. They say they do responsible disclosure, but in fact, they don’t disclose anything. My friend contacted the “security researcher” who found the vulnerability and that guy just asked for money. So nothing is disclosed to my friend (who thinks there probably is nothing serious, knowing his website).
So what’s the deal? Is OpenBugBounty a blackmailing site or legit?
Why does OpenBugBounty still only support Twitter login? Surely they've seen the writing on the wall by now??
On that topic, are there any alternatives to OBB that support more traditional, non social-network related logins?
After some time of radio silence, I saw another #OpenBugBounty phishing.
It pretends to be from openbugbounty.de and uses a Gmail contact.
📬 Open Bug Bounty: More than one million vulnerabilities fixed
#Hacking #Softwareentwicklung #BugBountyProgramm #Datenschutzgesetze #Drupal #ISO29147 #OpenBugBounty #Sicherheitsforscher #TelekomAustria https://tarnkappe.info/artikel/softwareentwicklung/open-bug-bounty-mehr-als-eine-million-schwachstellen-behoben-258941.html
I got my first incident reported via #OpenBugBounty. To be honest: The communication worked better than it does at my workplace.
Now I just need to convince management that these kinds of reports are worth a few bucks. 🙄