Hacker News
Heroku Security Bug Bounty (blog.heroku.com)
46 points by leahculver 4442 days ago
2 comments

> As part of Heroku and our parent company Salesforce.com’s commitment to philanthropy, if you are interested in donating your bounty to a recognized charity we will match it dollar-for-dollar.

Kudos to the Heroku folks for this. I haven't seen any other bug bounty program doing this (I'd love to be wrong -- please let me know if I am!), and it's a very nice change from the norm.

Google also match anyone who donates their bounty to charity.
Yes! Reading that part put a smile on my face.
I wonder why they chose BugCrowd over the seemingly significantly cheaper HackerOne?
I would guess it is precisely because BugCrowd is more expensive. They offer a managed program where BugCrowd's employees validate bug reports for participating companies. Speaking from experience, that process can become very time-consuming.
If I were running a startup or even a moderately-sized company, implementing and managing a bug bounty program internally sounds like a headache, and probably would be put off indefinitely. A managed solution like BugCrowd could definitely fill this void.