[Owasp-board] BugCroud

Jim Manico jim.manico at owasp.org
Tue Dec 23 19:25:07 UTC 2014


Agreed. This is more a point of discussion, Martin. I think it would
be very bad to force this on any conference, ever. It's just an idea
we may want to experiment with someday if conference teams are
willing. I think a small experiment at first is best...

Aloha,
--
Jim Manico
@Manicode
(808) 652-3805

> On Dec 23, 2014, at 9:13 AM, Martin Knobloch <martin.knobloch at owasp.org> wrote:
>
> ‎All,
>
> This sounds very interesting and I am looking forward to see how this will work out.
> That said, as I don't like changing rules during the  game, this is not applicable for the upcoming AppSec-Eu. We are to far in proceedings.
>
> Cheers,
> -martin
>
>
>   Origineel bericht
> Van: Tom Brennan
> Verzonden: dinsdag 23 december 2014 05:03
> Aan: Eoin Keary
> Cc: OWASP Board List
> Onderwerp: Re: [Owasp-board] BugCroud
>
> Related more to CFP but this is cool let the attendees pick the agenda
>
> https://www.syscan.org/index.php/sg/cfp/vote/
>
> Now that's transparency
>
> Tom Brennan
> 973-202-0122
>
>> On Dec 22, 2014, at 6:25 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>
>> +1
>>
>> Sent from my iPhone
>>
>>> On 20 Dec 2014, at 02:07, Michael Coates <michael.coates at owasp.org> wrote:
>>>
>>> Hey Jim
>>>
>>> As someone who go is planning appsecusa 2015 here are my thoughts.
>>>
>>> 1. Open call for activities. So bugcrowd and anyone else can submit a proposal for activity x.
>>>
>>> 2. Making it clear that this is an add on activity coordinated by vendor x (e.g along the lines you mentioned if specifically vendor not Owasp)
>>>
>>> And don't get me wrong, these companies are all great. But it's about clearly delineating Owasp vs vendor items and making an open playing field for all to submit.
>>>
>>>
>>>
>>>> On Dec 19, 2014, at 4:56 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>>
>>>> Board,
>>>>
>>>> BugCroud has been setting up events at OWASP conferences that concearn me. They are doing "bugbashes" which are CTF's that use the BugCroud closed-source commercial platform. These CTF's go after public websites that have open bug bounties, but still, it uses the BugCroud platform to track these efforts. Since this is a commercial platform, this falls under a vendor sponsorship program as opposed to an event they can host at our conference "for free".
>>>>
>>>> So I suggest we charge for vendor sponsorship fees and move the BugBash program to the vendor area so it's clear this is not an official OWASP program.
>>>>
>>>> If OWASP wants to do a "public conference" CTF in a more premium area of the conference, I'd like to see us using a platform that is open source like the OWASP CTF project. If a vendor wants to use their commercial platform to do a CTF at an official OWASP conference, that sounds like a vendor sponsorship event/opportunity.
>>>>
>>>> Aloha,
>>>> Jim
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board


More information about the Owasp-board mailing list