[Owasp-board] Petition budget for OWASP Bug Bounty 2016-2017

johanna curiel curiel johanna.curiel at owasp.org
Thu Nov 10 13:18:20 UTC 2016


Agree

On Thursday, November 10, 2016, psiinon <psiinon at gmail.com> wrote:

> A suggestion.
> Rather than transfer money which might not be used to projects for the bug
> bounty, how about underwriting an amount for relevant projects.
> For example, OWASP could offer to pay 50% of the ZAP bug bounties up to a
> total of $2000, the other 50% to come out of ZAP funds.
> We have nominally set aside $2,000 for the bug bounty from the ZAP funds,
> this would then in effect be raised to $4,000.
> And if (as we hope) no one finds any ZAP RCEs then the money OWASP has
> underwritten will not be tied up.
>
> Cheers,
>
> Simon
>
> On Thu, Nov 10, 2016 at 12:28 PM, psiinon <psiinon at gmail.com> wrote:
>
>> Thanks for driving this Johanna!
>>
>> Not surprisingly I'm fully behind this request :)
>>
>> Cheers,
>>
>> Simon
>>
>> On Thu, Nov 10, 2016 at 12:22 PM, johanna curiel curiel
>> <johanna.curiel at owasp.org> wrote:
>>
>>> Dear Board,
>>>
>>> The bug bounty has been running since May, and I believe one of the
>>> projects that has benefited most from this program is ZAP.
>>>
>>> Other projects, which are less popular, have not received many
>>> submissions, though still valuable feedback.
>>>
>>> So far it is clear that for bug hunters to spend time on this there must
>>> be a financial gain, not just kudos. ZAP has recently launched monetary
>>> bounties from their own project budget (USD 1000).
>>>
>>> My request is to have a budget of USD 6000 for the bounty as support
>>> for projects that are working proactively on their security. ZAP is surely
>>> leading by example, and with this budget we can have the existing
>>> participating projects being challenged by this.
>>>
>>> For the budget, it will be broken down as follows:
>>>
>>>    - ZAP ==> USD 2000
>>>    - Java Encoder ==> USD 1000
>>>    - Java Sanitizer ==> USD 1000
>>>    - CSRFGuard ==> USD 1000
>>>    - Any new project that wants to participate ==> USD 1000
>>>
>>> We can discuss this during the next OWASP meeting.
>>>
>>> Regards
>>>
>>> Johanna
>>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>
>
>
> --
> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>


-- 
Johanna Curiel
OWASP Volunteer