Difference between an Open and a Private program
Open programs are open to all approved and KYC-verified security researches on Secuna platform. It gives the program better coverage and exposure to researchers. But same with private program, vulnerability reports can remain private and confidential unless they granted the researcher with to fully disclose it or publicly disclose it.
Private programs are known only to those security researchers invited to the program. All vulnerability reports for these programs remain private and confidential unless they granted the researcher with to fully disclose it or publicly disclose it.
As private programs limit the number of security researchers invited to the security program, the number of report submissions is also limited to enable the security program to get the hang of receiving and triaging vulnerability reports. All security programs begin as private, but as they become more proficient in handling reports, they can choose to go public if desired.