[Esapi-user] [Esapi-dev] 2 ESAPI Bounties created on Bountysource

Dinis Cruz dinis.cruz at owasp.org
Mon Jan 26 15:56:29 UTC 2015


The key is that it is happening, so hopefully some good code contributions
will come out of it
On 26 Jan 2015 15:52, "Jim Manico" <jim.manico at owasp.org> wrote:

> I think your disagreement is a fair point. I'm a bit more focused on the
> end-goal and do not want to put barriers up, but I don't think your take on
> this is un-reasonable, Dinis.
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> On Jan 26, 2015, at 7:42 AM, Dinis Cruz <dinis.cruz at owasp.org> wrote:
>
> I'm sure me and Jim have 'agreed to disagree' on this one, so here are my
> 2 cents:
>
> I think that this is a great idea and use of owasp funds (both project
> specific or globally), but I would put the limitations to participate on
> 'not being an owasp leader'
>
> That is: only non owasp leaders are eligible to receive the bounty (only
> applying to current owasp leaders)
>
> That actually makes it much simpler and transparent in the short, medium
> and long term
>  On 26 Jan 2015 15:32, "Jim Manico" <jim.manico at owasp.org> wrote:
>
>> Limiting who can work on this makes no sense, a bug is a bug is a
>> bounty.  I say anyone can chase these. And since we have no staff who are
>> computer programmers, I don't see an issue there. Let's not put up
>> unnecessary roadblocks to completion.
>>
>> Anyone can chase these bounties...
>>
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On Jan 26, 2015, at 7:12 AM, Kevin W. Wall <kevin.w.wall at gmail.com>
>> wrote:
>>
>> Works for me.
>>
>> -kevin
>> Sent from my Droid; please excuse typos.
>> On Jan 26, 2015 6:03 AM, "Fabio Cerullo" <fcerullo at owasp.org> wrote:
>>
>>> Great stuff guys... I would say for the time being, lets keep it simple
>>> regarding participating rules.
>>>
>>> - ESAPI project leaders (You & Chris) cannot claim the bounty.
>>> - OWASP Global Board members and staff cannot claim the bounty.
>>> - Everyone else is invited to participate and submit solutions.
>>>
>>> Makes sense?
>>>
>>> Fabio
>>>
>>> On Mon, Jan 26, 2015 at 5:33 AM, Jeff Williams <
>>> jeff.williams at aspectsecurity.com> wrote:
>>>
>>>>  Very cool.  Thanks Kevin and Chris!
>>>>
>>>>  --Jeff
>>>>
>>>>
>>>>   From: Kevin Wall
>>>> Date: Sunday, January 25, 2015 at 11:51 PM
>>>> To: 'ESAPI-Developers', "Esapi-user at lists.owasp.org", Fabio Cerullo
>>>> Subject: [Esapi-dev] 2 ESAPI Bounties created on Bountysource
>>>>
>>>>     All,
>>>>
>>>> ​I just created a $200 bounty on Reference Implementation Extensibility
>>>> <https://www.bountysource.com/issues/5975294-reference-implementation-extensibility>
>>>>>>>> <https://www.bountysource.com/issues/5975294-reference-implementation-extensibility>
>>>> and
>>>> a second one for $275 for​
>>>> ​ Need Major Changes to Configuration Mechanism​
>>>> <https://www.bountysource.com/issues/5975509-need-major-changes-to-configuration-mechanism>
>>>> ​.
>>>> The first one expires in 6 months and the second one expires in 3 months
>>>> (although if significant progress can be shown on either of these, I'd
>>>> be
>>>> willing to extend the times).
>>>>
>>>> ​If you have questions, on how to handle the bounties themselves,
>>>> check out the Bountysource​
>>>>  FAQ <https://www.bountysource.com/faq>
>>>>>>>> or contact the Bountysource team via
>>>>
>>>>  *​     ​*
>>>>
>>>> *support at bountysource.com <support at bountysource.com> (Email) *
>>>> *​     ​*
>>>>
>>>> *#Bountysource (IRC) *
>>>> *​     ​*
>>>>
>>>> *@Bountysource (Twitter) *
>>>> *​     ​*
>>>> *Bountysource (Facebook)*
>>>>
>>>>  ​If you have questions about the issues themselves either post
>>>> your questions to the ESAPI Dev list or send them directly
>>>> to me. (If they are questions about clarification, I'd prefer
>>>>  an open dialog on the ESAPI Dev mailing list.)
>>>>
>>>>  Fabio, do you have anything to add, such as are there any
>>>> restrictions as to who may participate, etc. (I suggest that
>>>> at least you, Chris Schmidt, and myself should not be eligible
>>>> to about any appearance of conflict of interest, but I'm not
>>>> sure if we should have additional people excluded.)
>>>>
>>>>  -kevin​
>>>>  P.S.- Please help spread the word about this. Thanks.
>>>>  --
>>>>  Blog: http://off-the-wall-security.blogspot.com/
>>>> NSA: All your crypto bit are belong to us.
>>>>
>>>
>>>  _______________________________________________
>> Esapi-dev mailing list
>> Esapi-dev at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/esapi-dev
>>
>>
>> _______________________________________________
>> Esapi-dev mailing list
>> Esapi-dev at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/esapi-dev
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20150126/cbe6992c/attachment.html>


More information about the Esapi-user mailing list