[Owasp-board] BugCroud

Bev Corwin bev.corwin at owasp.org
Tue Dec 23 02:21:27 UTC 2014


Just wanted to share a thought: Open call + selection by independent
committee.

On Mon, Dec 22, 2014 at 6:25 PM, Eoin Keary <eoin.keary at owasp.org> wrote:

> +1
>
> Sent from my iPhone
>
> > On 20 Dec 2014, at 02:07, Michael Coates <michael.coates at owasp.org>
> wrote:
> >
> > Hey Jim
> >
> > As someone who go is planning appsecusa 2015 here are my thoughts.
> >
> > 1. Open call for activities. So bugcrowd and anyone else can submit a
> proposal for activity x.
> >
> > 2. Making it clear that this is an add on activity coordinated by vendor
> x (e.g along the lines you mentioned if specifically vendor not Owasp)
> >
> > And don't get me wrong, these companies are all great. But it's about
> clearly delineating Owasp vs vendor items and making an open playing field
> for all to submit.
> >
> >
> >
> >> On Dec 19, 2014, at 4:56 PM, Jim Manico <jim.manico at owasp.org> wrote:
> >>
> >> Board,
> >>
> >> BugCroud has been setting up events at OWASP conferences that concearn
> me. They are doing "bugbashes" which are CTF's that use the BugCroud
> closed-source commercial platform. These CTF's go after public websites
> that have open bug bounties, but still, it uses the BugCroud platform to
> track these efforts. Since this is a commercial platform, this falls under
> a vendor sponsorship program as opposed to an event they can host at our
> conference "for free".
> >>
> >> So I suggest we charge for vendor sponsorship fees and move the BugBash
> program to the vendor area so it's clear this is not an official OWASP
> program.
> >>
> >> If OWASP wants to do a "public conference" CTF in a more premium area
> of the conference, I'd like to see us using a platform that is open source
> like the OWASP CTF project. If a vendor wants to use their commercial
> platform to do a CTF at an official OWASP conference, that sounds like a
> vendor sponsorship event/opportunity.
> >>
> >> Aloha,
> >> Jim
> >>
> >> _______________________________________________
> >> Owasp-board mailing list
> >> Owasp-board at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-board
> > _______________________________________________
> > Owasp-board mailing list
> > Owasp-board at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20141222/fa39e6af/attachment.html>


More information about the Owasp-board mailing list