[Owasp-board] BugCroud

Jim Manico jim.manico at owasp.org
Sat Dec 20 00:56:40 UTC 2014


Board,

BugCroud has been setting up events at OWASP conferences that concearn 
me. They are doing "bugbashes" which are CTF's that use the BugCroud 
closed-source commercial platform. These CTF's go after public websites 
that have open bug bounties, but still, it uses the BugCroud platform to 
track these efforts. Since this is a commercial platform, this falls 
under a vendor sponsorship program as opposed to an event they can host 
at our conference "for free".

So I suggest we charge for vendor sponsorship fees and move the BugBash 
program to the vendor area so it's clear this is not an official OWASP 
program.

If OWASP wants to do a "public conference" CTF in a more premium area of 
the conference, I'd like to see us using a platform that is open source 
like the OWASP CTF project. If a vendor wants to use their commercial 
platform to do a CTF at an official OWASP conference, that sounds like a 
vendor sponsorship event/opportunity.

Aloha,
Jim



More information about the Owasp-board mailing list