(no title)

The main differentiator to HackerOne is price and lower commitment (i.e. contracts). It's also a lot simpler in the UI as it's not chasing the big end of town and uses AI in a more integrated way. That said, Bugbop isn’t trying to replace HackerOne. It’s built for teams that won’t run a bug bounty otherwise.

Bypassing can be a problem but paying people overseas (and KYC) can be quite annoying. There's also less credibility without a 3rd party proving the bounties exist.

"Someone can copy you" was never going to be a moat. There's a lot more to a company than just the technical build. I'll just have to stay better than them :-)

I've priced Bugbop very competitively and making it free will be difficult with the payment processing fees.

Indisputable USP? That's hard. I think Bugbop is fairly unique in that it's a passion project of a long-time bug bounty program runner. I love this stuff and I'm happy to have a founder-to-founder calls about what bug bounty looks like in practice.