https://www.youngju.dev/blog 천천히 올바르게. AI Researcher & DevOps Engineer Youngju's tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering. ko fjvbn2003@gmail.com (Youngju Kim) fjvbn2003@gmail.com (Youngju Kim) Sat, 16 May 2026 00:00:00 GMT https://www.youngju.dev/blog/culture/2026-05-16-bug-bounty-vdp-platforms-2026-hackerone-bugcrowd-intigriti-synack-yeswehack-immunefi-code4rena-deep-dive.en https://www.youngju.dev/blog/culture/2026-05-16-bug-bounty-vdp-platforms-2026-hackerone-bugcrowd-intigriti-synack-yeswehack-immunefi-code4rena-deep-dive.en In 2026 the bug bounty industry has finished a whole season. HackerOne pushed back its IPO and tilted toward managed services, Bugcrowd leans on AI triage, and across Europe Intigriti has become the de-facto standard. Synack defines managed pentest with vetted hunters, YesWeHack readies a GDPR / NIS2-friendly platform for the EU CRA era. In Web3, Immunefi puts a single-finding $10M reward on the table, while Code4rena, Sherlock, Hats Finance, Spearbit, and HackenProof split the world between code contests and ongoing bounties. In AI, the Anthropic Model Safety Bounty (Aug 2024) and OpenAI Cybersecurity Grant Program target the models themselves. It is also the year CVE / NVD wobbled, and the year VDPs became effectively mandatory through CISA BOD 20-01 and the EU CRA. This post maps fifteen platforms across four quadrants (managed / self-hosted / Web3 / AI), and finishes with Korea (KISA, Toss, Kakao) and Japan (IPA, ZOZO, Mercari, LY, DMM). Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) bug-bountyvdphackeronebugcrowdintigritisynackyeswehackopen-bug-bountyimmuneficode4renasherlockhats-financespearbithackenproofcobalt-iobugbasehackrateanthropic-bountyopenai-cybersecurity-grantcvemitrenist-nvdcisakisaipa2026deep-diveenglish https://www.youngju.dev/blog/culture/2026-05-16-bug-bounty-vdp-platforms-2026-hackerone-bugcrowd-intigriti-synack-yeswehack-immunefi-code4rena-deep-dive.ja https://www.youngju.dev/blog/culture/2026-05-16-bug-bounty-vdp-platforms-2026-hackerone-bugcrowd-intigriti-synack-yeswehack-immunefi-code4rena-deep-dive.ja 2026 年のバグバウンティは、ひとつの季節を丸ごと終えた産業である。HackerOne は IPO を後ろ倒しにしてマネージドサービスへ重心を移し、Bugcrowd は AI トリアージを前面に出し、欧州では Intigriti が事実上の標準になった。Synack は本人確認済みハンターでマネージドペンテストを定義し、YesWeHack は GDPR / NIS2 に親和的なプラットフォームで EU CRA 時代に備える。Web3 では Immunefi が一件 $10M の賞金を敷き、Code4rena・Sherlock・Hats Finance・Spearbit・HackenProof がコードコンテストと常設バウンティに分かれる。AI では Anthropic Model Safety Bounty(2024 年 8 月)と OpenAI Cybersecurity Grant Program がモデルそのものを標的にする。そして CVE / NVD が揺れ、CISA BOD 20-01 と EU CRA によって VDP が事実上の義務化に向かった一年。本稿は 15 のプラットフォームを「マネージド / セルフホスト / Web3 / AI」の 4 象限に整理し、韓国(KISA・トス・カカオ)と日本(IPA・ZOZO・メルカリ・LY・DMM)の風景まで一息で見る。 Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) bug-bountyvdphackeronebugcrowdintigritisynackyeswehackopen-bug-bountyimmuneficode4renasherlockhats-financespearbithackenproofcobalt-iobugbasehackrateanthropic-bountyopenai-cybersecurity-grantcvemitrenist-nvdcisakisaipa2026deep-dive日本語 https://www.youngju.dev/blog/culture/2026-05-16-bug-bounty-vdp-platforms-2026-hackerone-bugcrowd-intigriti-synack-yeswehack-immunefi-code4rena-deep-dive https://www.youngju.dev/blog/culture/2026-05-16-bug-bounty-vdp-platforms-2026-hackerone-bugcrowd-intigriti-synack-yeswehack-immunefi-code4rena-deep-dive 2026년 버그 바운티는 한 시즌을 통째로 끝낸 산업이다. HackerOne이 IPO를 미루며 매니지드 서비스로 무게중심을 옮기고, Bugcrowd가 AI 트리아지를 내세우고, 유럽에서는 Intigriti가 사실상의 표준이 되었다. Synack은 신원확인된 헌터로 매니지드 펜테스트를 정의하고, YesWeHack는 GDPR · NIS2 친화 플랫폼으로 EU CRA 시대를 준비한다. Web3에서는 Immunefi가 한 건 $10M 상금을 깔고, Code4rena · Sherlock · Hats Finance · Spearbit · HackenProof가 코드 경연과 상시 바운티로 나뉜다. AI에서는 Anthropic Model Safety Bounty(2024.8)와 OpenAI Cybersecurity Grant Program이 모델 자체를 표적으로 한다. 그리고 CVE / NVD가 흔들리는 한 해, VDP가 CISA BOD 20-01과 EU CRA로 사실상 의무가 된 한 해다. 이 글은 15개 플랫폼을 매니지드 · 셀프호스팅 · Web3 · AI 4분면으로 정리하고, 한국(KISA · 토스 · 카카오)과 일본(IPA · ZOZO · Mercari · LY · DMM)의 풍경까지 한 호흡으로 본다. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) bug-bountyvdphackeronebugcrowdintigritisynackyeswehackopen-bug-bountyimmuneficode4renasherlockhats-financespearbithackenproofcobalt-iobugbasehackrateanthropic-bountyopenai-cybersecurity-grantcvemitrenist-nvdcisakisaipa2026deep-dive