[Owasp-board] Bugcrowd

Jim Manico jim.manico at owasp.org
Sat Dec 20 02:12:23 UTC 2014


Love it. +1

An "open call for proposals" is way more vendor neutral for conference CBT's.

Clearly stating that this is a vendor activity solves our
non-commercial obligations.

These would satisfy my concerns over this issue.

The "pay for sponsorship" issue is much, much less of a concern. The
vendor neutrality and non-commercial issues are much more important.

Aloha,
--
Jim Manico
@Manicode
(808) 652-3805

> On Dec 19, 2014, at 4:07 PM, Michael Coates <michael.coates at owasp.org> wrote:
>
> Hey Jim
>
> As someone who is planning appsecusa 2015, here are my thoughts.
>
> 1. Open call for activities. So bugcrowd and anyone else can submit a proposal for activity x.
>
> 2. Making it clear that this is an add on activity coordinated by vendor x (e.g. along the lines you mentioned if specifically vendor not Owasp)
>
> And don't get me wrong, these companies are all great. But it's about clearly delineating Owasp vs vendor items and making an open playing field for all to submit.
>
>
>
>> On Dec 19, 2014, at 4:56 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>> Board,
>>
>> Bugcrowd has been setting up events at OWASP conferences that concern me. They are doing "bugbashes" which are CTF's that use the Bugcrowd closed-source commercial platform. These CTF's go after public websites that have open bug bounties, but still, it uses the Bugcrowd platform to track these efforts. Since this is a commercial platform, this falls under a vendor sponsorship program as opposed to an event they can host at our conference "for free".
>>
>> So I suggest we charge for vendor sponsorship fees and move the BugBash program to the vendor area so it's clear this is not an official OWASP program.
>>
>> If OWASP wants to do a "public conference" CTF in a more premium area of the conference, I'd like to see us using a platform that is open source like the OWASP CTF project. If a vendor wants to use their commercial platform to do a CTF at an official OWASP conference, that sounds like a vendor sponsorship event/opportunity.
>>
>> Aloha,
>> Jim