[Owasp-board] BugCroud

Michael Coates michael.coates at owasp.org
Sat Dec 20 02:07:24 UTC 2014


Hey Jim

As someone who go is planning appsecusa 2015 here are my thoughts. 

1. Open call for activities. So bugcrowd and anyone else can submit a proposal for activity x. 

2. Making it clear that this is an add on activity coordinated by vendor x (e.g along the lines you mentioned if specifically vendor not Owasp)

And don't get me wrong, these companies are all great. But it's about clearly delineating Owasp vs vendor items and making an open playing field for all to submit. 



> On Dec 19, 2014, at 4:56 PM, Jim Manico <jim.manico at owasp.org> wrote:
> 
> Board,
> 
> BugCroud has been setting up events at OWASP conferences that concearn me. They are doing "bugbashes" which are CTF's that use the BugCroud closed-source commercial platform. These CTF's go after public websites that have open bug bounties, but still, it uses the BugCroud platform to track these efforts. Since this is a commercial platform, this falls under a vendor sponsorship program as opposed to an event they can host at our conference "for free".
> 
> So I suggest we charge for vendor sponsorship fees and move the BugBash program to the vendor area so it's clear this is not an official OWASP program.
> 
> If OWASP wants to do a "public conference" CTF in a more premium area of the conference, I'd like to see us using a platform that is open source like the OWASP CTF project. If a vendor wants to use their commercial platform to do a CTF at an official OWASP conference, that sounds like a vendor sponsorship event/opportunity.
> 
> Aloha,
> Jim
> 
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board


More information about the Owasp-board mailing list