[Owasp-board] Petition budget for OWASP Bug Bounty 2016-2017
johanna curiel curiel
johanna.curiel at owasp.org
Thu Nov 10 13:18:20 UTC 2016
On Thursday, November 10, 2016, psiinon <psiinon at gmail.com> wrote:
> A suggestion.
> Rather than transfer money which might not be used to projects for the bug
> bounty, how about underwriting an amount for relevant projects.
> For example, OWASP could offer to pay 50% of the ZAP bug bounties up to a
> total of $2000, the other 50% to come out of ZAP funds.
> We have nominally set aside $2,000 for the bug bounty from the ZAP funds,
> this would then in effect be raised to $4,000.
> And if (as we hope) no one finds any ZAP RCEs then the money OWASP has
> underwritten will not be tied up.
> On Thu, Nov 10, 2016 at 12:28 PM, psiinon <psiinon at gmail.com
>> Thanks for driving this Johanna!
>> Not surprisingly I'm fully behind this request :)
>> On Thu, Nov 10, 2016 at 12:22 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org
>>> Dear Board,
>>> So far the bug bounty has been running since May, and I believe one of the
>>> projects that has benefited most from this program is ZAP.
>>> Other projects which are less popular have not received many
>>> submissions, still valuable feedback.
>>> So far it is clear that for bug hunters to spend time on this there must
>>> be a financial gain, not just kudos. ZAP has recently launched monetary
>>> bounties from their own project budget (USD 1000).
>>> My request is to have a Budget of USD 6000 for the Bounty as a support
>>> for projects that are working proactively in their security. ZAP is sure
>>> leading by example and with this budget, we can have the existing
>>> participating projects being challenged by this
>>> For the budget, it will be broken down as follows:
>>> - ZAP ==> USD 2000
>>> - Java Encoder ==> USD 1000
>>> - Java Sanitizer ==> USD 1000
>>> - CSRFGuard ==> USD 1000
>>> - Any new project that wants to participate ==> USD 1000
>>> We can discuss this during the next OWASP meeting
>>> Owasp-board mailing list
>>> Owasp-board at lists.owasp.org
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader