The program's expectation is that the operators of the affected website will reward the researchers for making their reports.
Heise.de identified the potential for the website to be a vehicle for blackmailing website operators with the threat of disclosing vulnerabilities if no bounty is paid, but reported that Open Bug Bounty prohibits this.
[2] Open Bug Bounty was launched by private security enthusiasts in 2014, and as of February 2017 had recorded 100,000 vulnerabilities, of which 35,000 had been fixed.
[4] In February 2018, the platform had 100,000 fixed vulnerabilities using coordinated disclosure program based on ISO 29147 guidelines.
[5] Up to the end of 2019, the platform reported 272,020 fixed vulnerabilities using coordinated disclosure program based on ISO 29147 guidelines.