[Owasp-board] OWASP Bug Bounty Proposals

Bil Corry bil.corry at owasp.org
Thu Apr 7 20:48:34 UTC 2016


Sounds great, thank you for the information.


- Bil

On Thu, Apr 7, 2016 at 9:59 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

>
> >> Apologies, I probably missed it, but is OWASP paying bounties?  Or just
> providing recognition?  And what's the scope for the program?
>
> Hi Bil,
>
> Clarifications on your questions:
>
> No, OWASP will not be paying bounties but purely recognition, sure in this
> first phase once it is announced which Bounty management company we have
> selected
>
>  >>And what's the scope for the program?
>
> Right now the part I'll be supporting, some security libraries will
> participate in the program, to start with
>
>    - CSRFGuard
>    - OWASP SeraphimDroid
>
> Other project leaders could manage a program directly within the
> interface, like ZAP.
>
> The management of vulnerabilities will be totally in charge of the Bounty
> service provider and only those confirmed bugs we need to finalise verifying
>
> The idea is also to have a Bounty program for OWASP wiki and mailman, this
> is led by Frank Catucci and other OWASP volunteers that offered their
> support:
> https://www.owasp.org/index.php/Help_Secure_Owasp_assests
>
> Cheers
>
> Johanna
>
>
> On Thu, Apr 7, 2016 at 3:46 PM, Bil Corry <bil.corry at owasp.org> wrote:
>
>> Apologies, I probably missed it, but is OWASP paying bounties?  Or just
>> providing recognition?  And what's the scope for the program?
>>
>>
>> - Bil
>>
>> On Wed, Apr 6, 2016 at 10:53 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> All good Josh, thank you for this. I support the process.
>>>
>>> Aloha,
>>> Jim
>>>
>>>
>>> On 4/6/16 10:12 AM, Josh Sokol wrote:
>>>
>>> OWASP Board,
>>>
>>> The OWASP Bug Bounty initiative team, consisting of Kelly, Claudia,
>>> Johanna, Frank, Simon, and myself, have performed both a technical and
>>> contractual analysis of three bug bounty vendors.  We have come to a
>>> consensus on the vendor that we feel will provide us with the most
>>> capabilities and will be the best fit for the OWASP Foundation.  Before we
>>> notify the vendors and make an announcement of our selected vendor, I
>>> wanted to ask if any of you had any reservations with respect to the team's
>>> ability to conduct an impartial evaluation and select a vendor to move
>>> forward with?  If there are any concerns, I want to make sure that they are
>>> addressed now, before an announcement has been made.  If not, then you can
>>> expect an announcement in the next few days.  Thank you.
>>>
>>> ~josh
>>>
>>>
>>> _______________________________________________
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>
>>>
>>
>
>
> --
> Johanna Curiel
> OWASP Volunteer
>