Making the program "restricted" will mean that bug hunters have to apply (and do KYC if you turn that on). You'll be able to do what you propose but it'll also increase friction vs having submissions fully public.
The main differentiator to HackerOne is price and lower commitment (i.e. contracts). It's also a lot simpler in the UI as it's not chasing the big end of town and uses AI in a more integrated way. That said, Bugbop isn’t trying to replace HackerOne. It’s built for teams that won’t run a bug bounty otherwise.
Bypassing can be a problem but paying people overseas (and KYC) can be quite annoying. There's also less credibility without a 3rd party proving the bounties exist.
"Someone can copy you" was never going to be a moat. There's a lot more to a company than just the technical build. I'll just have to stay better than them :-)
I've priced Bugbop very competitively and making it free will be difficult with the payment processing fees.
Indisputable USP? That's hard. I think Bugbop is fairly unique in that it's a passion project of a long-time bug bounty program runner. I love this stuff and I'm happy to have founder-to-founder calls about what bug bounty looks like in practice.
Happy to answer any questions or just talk bug bounty/disclosure. I love both economics and security. Bug bounty sits at the intersection of these two.
These aren't purchases via their app store (I don't know if you can even do that?). They're within our webapp using Shopify's billing API to buy stuff. The Shopify integration is just used for discovery (via their app store), login, installation, email integration, and of course billing.
Yes but if you bill them separately using Stripe, that's clearly against their Terms of Service.
> The Shopify integration is just used for discovery (via their app store), login, installation, email integration, and of course billing.
So Shopify is responsible for generating 100% of your revenue, correct? If you are opposed to a 20% cut of that on principle, how else do you expect them to make money?
Their subscription service alone doesn't cover the costs of running the business. That's why they take a margin on sales.
Also it seems like a fair way to make money -- sell hosting services for cheap (so people who want to start a business can get going fast) and as they move into larger revenues they provide a portion back to the services that helped them get there.
Do you show the Stripe billing option to all installations (meaning also the ones that came directly from the App Store listing) or only the ones that came through your website / are existing customers?
All. That's the issue they've got. It looks like we're going to have to hide it for anyone that comes in via the App Store.
Another problem is we've got 4 products and only one is listed on the Shopify app store. If they log in via product A's listing then buy product B, it seems we must use Shopify's billing for that too.
Nah, we've had Stripe since 2013. Added Shopify billing in 2016 (which was a nightmare using their old API). We'll be too small for an exemption/wire transfer method.
We reviewed the profile you reported and found that it doesn't go against any of our Community Standards.
If there's something specific on this profile that you think we should review (e.g. a photo), please report the content itself.
We want to keep Facebook safe and welcoming for everyone, so thanks again for taking the time to report this.