[Owasp-board] BugCroud

Jim Manico jim.manico at owasp.org
Sat Dec 20 00:56:40 UTC 2014


BugCroud has been setting up events at OWASP conferences that concearn 
me. They are doing "bugbashes" which are CTF's that use the BugCroud 
closed-source commercial platform. These CTF's go after public websites 
that have open bug bounties, but still, it uses the BugCroud platform to 
track these efforts. Since this is a commercial platform, this falls 
under a vendor sponsorship program as opposed to an event they can host 
at our conference "for free".

So I suggest we charge for vendor sponsorship fees and move the BugBash 
program to the vendor area so it's clear this is not an official OWASP 

If OWASP wants to do a "public conference" CTF in a more premium area of 
the conference, I'd like to see us using a platform that is open source 
like the OWASP CTF project. If a vendor wants to use their commercial 
platform to do a CTF at an official OWASP conference, that sounds like a 
vendor sponsorship event/opportunity.


More information about the Owasp-board mailing list