[Esapi-user] [Esapi-dev] 2 ESAPI Bounties created on Bountysource
jim.manico at owasp.org
Mon Jan 26 15:29:21 UTC 2015
Limiting who can work on this makes no sense, a bug is a bug is a bounty.
I say anyone can chase these. And since we have no staff who are computer
programmers, I don't see an issue there. Let's not put up unnecessary
roadblocks to completion.
Anyone can chase these bounties...
On Jan 26, 2015, at 7:12 AM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
Works for me.
Sent from my Droid; please excuse typos.
On Jan 26, 2015 6:03 AM, "Fabio Cerullo" <fcerullo at owasp.org> wrote:
> Great stuff guys... I would say for the time being, lets keep it simple
> regarding participating rules.
> - ESAPI project leaders (You & Chris) cannot claim the bounty.
> - OWASP Global Board members and staff cannot claim the bounty.
> - Everyone else is invited to participate and submit solutions.
> Makes sense?
> On Mon, Jan 26, 2015 at 5:33 AM, Jeff Williams <
> jeff.williams at aspectsecurity.com> wrote:
>> Very cool. Thanks Kevin and Chris!
>> From: Kevin Wall
>> Date: Sunday, January 25, 2015 at 11:51 PM
>> To: 'ESAPI-Developers', "Esapi-user at lists.owasp.org", Fabio Cerullo
>> Subject: [Esapi-dev] 2 ESAPI Bounties created on Bountysource
>> I just created a $200 bounty on Reference Implementation Extensibility
>> a second one for $275 for
>> Need Major Changes to Configuration Mechanism
>> The first one expires in 6 months and the second one expires in 3 months
>> (although if significant progress can be shown on either of these, I'd be
>> willing to extend the times).
>> If you have questions, on how to handle the bounties themselves,
>> check out the Bountysource
>> FAQ <https://www.bountysource.com/faq>
>> or contact the Bountysource team via
>> * *
>> *support at bountysource.com <support at bountysource.com> (Email) *
>> * *
>> *#Bountysource (IRC) *
>> * *
>> *@Bountysource (Twitter) *
>> * *
>> *Bountysource (Facebook)*
>> If you have questions about the issues themselves either post
>> your questions to the ESAPI Dev list or send them directly
>> to me. (If they are questions about clarification, I'd prefer
>> an open dialog on the ESAPI Dev mailing list.)
>> Fabio, do you have anything to add, such as are there any
>> restrictions as to who may participate, etc. (I suggest that
>> at least you, Chris Schmidt, and myself should not be eligible
>> to about any appearance of conflict of interest, but I'm not
>> sure if we should have additional people excluded.)
>> P.S.- Please help spread the word about this. Thanks.
>> Blog: http://off-the-wall-security.blogspot.com/
>> NSA: All your crypto bit are belong to us.
Esapi-dev mailing list
Esapi-dev at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Esapi-user