Bounty program

Take part in a bounty program like, where users can sponsor features they would like to get implemented.

They do take part in a bounty program.

This is cool, but a different kind of bounty program. I’m talking about users giving money to Bitwarden for new features, instead of Bitwarden giving money to users for security issues… :wink:


I agree and would love to see a bounty program, the possibilities with bountysource, gitcoin and the like would be really nice. Features that are very important to users will see greater bounties than other issues and would help developers prioritise?

I’d prefer the developers prioritize the features requested by the enterprise license customers. :slight_smile:

In Free / Open Source these are not mutually exclusive - they can happen at the same time. Developers who are getting paid via enterprise licenses can work on what the enterprise customers want, and freelance developers and everyone else can earn money from bounties placed by the community.

The only potential blocker is how many / which pull requests the maintainers of the codebase are willing to review and merge. But I’d be pretty astonished if they rejected community-funded enhancements which met a decent level of quality; if they did, this would send a very bad message out to the community and risk causing hard-forks of the project.

There is some precedent for this kind of behaviour being partially tolerated in Open Core projects such as GitLab, but if it happens too much then it typically tips the community over the edge (e.g. see the history behind LibreOffice vs. OpenOffice, or MariaDB vs. MySQL - incidentally both triggered by bad behaviour at Oracle).

It’s also worth noting that no one has to wait for the Bitwarden folks to “officially” enroll the project in a bounty program. Anyone can submit a bounty to any bounty management platform such as Gitcoin or Bountysource at any point. That’s the beauty of Free / Open Source software :slight_smile:

Does Bitwarden pay bounties to reward hackers who notify the company of security vulnerabilities?

Currently, we have our HackerOne project, but monetary bounties aren’t available just yet. We’re working on improving that, though. Stay tuned!