Public bug bounty program with Bugcrowd
Blog post from Octopus Deploy
Octopus has transitioned its bug bounty program, initially launched privately in collaboration with Bugcrowd, to a public format, inviting wider participation to enhance its website's security. The program began in Q2 2019 and has since involved 883 researchers, leading to over 200 submissions, with 27 significant enough for rewards. The company values quick resolution times, averaging under two days for critical issues, and has distributed over $16,000 in rewards, using Bugcrowd's VRT and CVSS scoring to assess severity. While the current focus is on its security testing environment, Octopus is considering expanding the scope to include its products in the future. Participants can find the program details and the rewards, which range from $150 to $3,000, on Bugcrowd's portal.