Show HN: Bugbop – a smaller bug bounty platform

1•ponny•1h ago

Hi HN!

I created Bugbop over the last year now I'm officially releasing it! It’s a platform for teams that want to run their first bug bounty without expensive contracts. I come from a SaaS technical founder background where I ran our program for years. Now I've decided to make something better suited to that niche.

The model is simple: only pay when valid vulnerabilities are found. No ongoing subscriptions. Set budgets to avoid going over. The app's still in the early days but it's working: security bugs are getting paid and bug hunters are getting bounties.

It's using AI to review check if it's in scope, detect duplicates, and set severity (the app doesn't ask reporters because everyone just says "Critical").

I’m interested in feedback from people who’ve run bug bounties, stopped running them, or considered them and decided against it.

Comments

ponny•1h ago

Happy to answer any questions or just talk bug bounty/disclosure. I love both economics and security. Bug bounty sits at the intersection of these two.

colesantiago•1h ago

What makes this different to Hackerone or better yet, privately sending bounties to hackers off platform bypassing the fee?

Or someone else cloning the same thing as Bugbop with AI and undercutting it or making it free?

What is the actual indisputable USP of your solution?

ponny•44m ago

Fair questions.

The main differentiator to HackerOne is price and lower commitment (i.e. contracts). It's also a lot simpler in the UI as it's not chasing the big end of town and uses AI in a more integrated way. That said, Bugbop isn’t trying to replace HackerOne. It’s built for teams that won’t run a bug bounty otherwise.

Bypassing can be a problem but paying people overseas (and KYC) can be quite annoying. There's also less credibility without a 3rd party proving the bounties exist.

"Someone can copy you" was never going to be a moat. There's a lot more to a company than just the technical build. I'll just have to stay better than them :-)

I've priced Bugbop very competitively and making it free will be difficult with the payment processing fees.

Indisputable USP? That's hard. I think Bugbop is fairly unique in that it's a passion project of a long-time bug bounty program runner. I love this stuff and I'm happy to have a founder-to-founder calls about what bug bounty looks like in practice.

Show HN: Ginny and Georgia Test

Exponential growth continued – cargo-semver-checks 2025 Year in Review

Stoat: An open-source, user-first chat platform

Island of Misfit Startups: Part I (LensReader)

GCC 16 Compiler Steps Closer To Release With Algol 68 Front end, Zen 6, C++20

Justice Delayed Is Justice Denied

Show HN: QPost – Free tool for automating YouTube/TikTok/Instagram video posting

SpaceX gets FCC permission to launch another 7,500 Starlink satellites

X Corp Sues Music Publishers, Alleges Coordinated DMCA Extortion

The Homepage of Ron Goodwin

Time Is of the Essence

Show HN: Home Design AI

Cosmotechnics and AI: Reading Hamid Ismailov's We Computers

Universal Commerce Protocol (UCP)

US Nightmare Propaganda

Vibe Coding Debt: The Security Risks of AI-Generated Codebases

Even Linus Torvalds is vibe coding now

Working with Ruby Threads

The Day AI Defeated Google (As Its Own Owner)

Operation Tailwind War Crime

macOS 26's Cut Corners

Burroughs B21 / Convergent AWS Vintage Computer Restoration – Dr. Scott M. Baker

My AI resources packed together

I asked Opus 4.5 to make a Rust implementation of PyNNDescent

The Foundation Every Design System Gets Wrong

Klarna boss backs interest rate cap on credit cards

Show HN: Oubli – Persistent fractal memory for Claude Code

Helping promote the Lax programming language

Show HN: Stove – Kotlin-first E2E testing for JVM Back end apps(Ktor,SpringBoot)

In Memoriam: The Academic Journal