[Owasp-board] OWASP Bug Bounty Proposals

Bil Corry bil.corry at owasp.org
Thu Apr 7 19:46:49 UTC 2016


Apologies, I probably miss it, but is OWASP paying bounties?  Or just
providing recognition?  And what's the scope for the program?


- Bil

On Wed, Apr 6, 2016 at 10:53 PM, Jim Manico <jim.manico at owasp.org> wrote:

> All good Josh, thank you for this. I support the process.
>
> Aloha,
> Jim
>
>
> On 4/6/16 10:12 AM, Josh Sokol wrote:
>
> OWASP Board,
>
> The OWASP Bug Bounty initiative team, consisting of Kelly, Claudia,
> Johanna, Frank, Simon, and myself, have performed both a technical and
> contractual analysis of three bug bounty vendors.  We have come to a
> consensus on the vendor that we feel will provide us with the most
> capabilities and will be the best fit for the OWASP Foundation.  Before we
> notify the vendors and make an announcement of our selected vendor, I
> wanted to ask if any of you had any reservations with respect to the team's
> ability to conduct an impartial evaluation and select a vendor to move
> forward with?  If there are any concerns, I want to make sure that they are
> addressed now, before an announcement has been made.  If not, then you can
> expect an announcement in the next few days.  Thank you.
>
> ~josh
>
>
> _______________________________________________
> Owasp-board mailing listOwasp-board at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20160407/1f3a61ed/attachment.html>


More information about the Owasp-board mailing list