Announcement of Winners - Best Bug Bounty Program, Best Upcoming Program & Best Issue in 2014

Editorial_Staff_Team's picture

Best Bug Bounty Program, Best Upcoming Bug Bounty Program & Best Bug Bounty Issue in 2014

In september 2014 last year we started a large campaign to reward the "Best Bug Bounty Program" and "Best Upcoming Bug Bounty Program" in 2014.

Next to the new special event we also coordinated to reward the best bug bounty submission of the year 2014 in the Vulnerability Laboratory with a special trophy.

100 active Vulnerability Laboratory members started to vote the "Best Bug Bounty Program 2014" followed by 101 independent vulnerability researchers and bug bounty hunters. The best bug bounty program of the year 2014 must have the following characteristics to win the independent security competition.

- Trustworthiness and reliability in handling with reported security gaps
- Expression and expansion of the public security program service
- Announcement of program updates or policy upgrades
- Cooperative exchange (Researchers & Teams)
- Fast Response to the Research Community
- Good Coordination (Researchers & Teams)
- Reliability of the bug bounty payouts
- Transparency of the program

100 active Vulnerability Laboratory members started to vote the "Best Upcoming Bug Bounty Program 2014" followed by 101 independent vulnerability researchers and bug bounty hunters. The best upcoming bug bounty program of the year 2014 must have the following characteristics to win the independent security competition.

- Startup in the bug bounty market business
- Trustworthiness and reliability in handling with reported security gaps
- Expression and expansion of the public security program service
- Announcement of program updates or policy upgrades
- Cooperative exchange (Researchers & Teams)
- Fast Response to the Research Community
- Good Coordination (Researchers & Teams)
- Reliability of the bug bounty payouts
- Transparency of the program

100 active Vulnerability Laboratory members started to vote the "Best Bug Bounty Issue 2014" followed by 101 independent vulnerability researchers and bug bounty hunters. The best bug bounty submission of the year 2014 must have the following characteristics to win the independent security competition.

- Quality of written Vulnerability Report (Advisory or Bulletin)
- Reliability of the technical details
- Availability and applicability of the Proof of Concept
- Coordinated disclosure in connection with the Manufacturer/Program
- Severity & risk of the reported Bug Bounty Issue
- Typ of Vulnerability
- Reward Count (Minimum Bounty +1000$)
- Public feedback & response by independent researchers
- Views of Plain issue & public resonance

Now, we would like to announce the winners of the 3 competitions ...

Winner of the "Best Bug Bounty Program 2014" is ... PayPal Inc
https://www.paypal.com/webapps/mpp/security/reporting-security-issues
https://www.paypal.com/webapps/mpp/ebayincbugbounty-tc

Winner of the "Best Upcoming Bug Bounty Program 2014" is ... Microsoft Online - Bug Bounty Program
https://technet.microsoft.com/en-US/security/dn800983

Winner of the "Best Bug Bounty Issue in 2014" is ... Ateeq ur Rehman Khan with the Mozilla WireTap Vulnerability (MFSA 2014-14)
https://www.flickr.com/photos/vulnerabilitylab/14886584215/in/set-721576...
http://www.vulnerability-lab.com/get_content.php?id=953
http://www.vulnerability-lab.com/get_content.php?id=967

The winners of the competition will get a letter of respect to acknowledge the win. To reward the manufacturer of the winner programs we are handing over the cup award next to the famous CeBIT event. The CeBIT in Hannover (germany) starts 16th march and ends 20th march 2015. We are able to send the award to the manufacturer but we want to make this event happens by our personal interaction. Both companies are available at the famous it-event in hannover and so we decided to visit them.

The two graphs below show the statistics to the best bug bounty program and best upcoming bug bounty program voting.

To upgrade the bounty program rewards we also ordered a LED base to highlight the crystal glass globe award. Beginning with the first award campaign and nomination we announce to keep this event running every year. We would like to thank all the individual researchers and bug bounty hunters that participated successful in the new campaign. THANKS!

@ Vulnerability Laboratory - Administration

Reference(s):
http://www.vulnerability-lab.com/list-of-bugbounty-program-year.php
http://www.vulnerability-lab.com/list-of-best-upcomings-bugbounty-progra...
http://www.vulnerability-lab.com/list-of-best-bugbounty-issues-year.php

 

Rate this article: 
Average: 5 (8 votes)

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.