Many developers and companies looking to implement security are turning towards OWASP to use Defender libraries that they can implement to secure their critical applications. Since this implies a form of trust in OWASP, many users of these projects might forget or not be aware that many of them are Open Source and lack an expected security assurance review, which at the moment is not done by OWASP.
Testing web applications for security can be a challenging task. But testing that security control libraries are robust in the face of attack is an even more difficult challenge for even the most sophistical assessment professionals.
BugCrowd provides their platform and services to allow OWASP projects conduct specific Bug Bounty programs for Defender category projects but also, any other Code Project that needs to be installed and could create vulnerabilities in the installed computer.
The following projects are part of OWASP Bug Bounty: