[Owasp-board] Petition budget for OWASP Bug Bounty 2016-2017

Bil Corry bil.corry at owasp.org
Thu Nov 10 16:07:54 UTC 2016


What are the proposed bounty amounts?  Who decides which bugs qualify and
how much is paid?  What happens when the $6k runs out?

And to gauge the flow of funds, pretend you had been paying a bounty, how
much would you have paid so far on the already-received bugs?


- Bil

On Thu, Nov 10, 2016 at 5:22 AM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Dear Board,
>
> So far the bug bounty is running since May , and I believe one of the
> projects that have benefit most from this program is ZAP.
>
> Others projects which are less popular have not received many submissions,
> still valuable feedback.
>
> So far it is clear that for bug hunters to spent time on this there must
> be a financial gain, not just kudos. Zap has recently launched monetary
> bounties from their own project budget (USD 1000).
>
> My request is to have a Budget of USD 6000 for the Bounty as a support for
> projects that are working proactively in their security. ZAP is sure
> leading by example and with this budget, we can have the existing
> participating projects   being challenged by this
>
> For the budget , it will be break down as follows
>
>    - ZAP==>USD 2000
>    - Java Encoder==>USD1000
>    - Java Sanitizer==> USD 1000
>    - CRSFGuard==>USD 1000
>    - Any new project that wants to participate==>USD 1000
>
> We can discuss this during the next OWASP meeting
>
> Regards
>
> Johanna
>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20161110/153accb0/attachment.html>


More information about the Owasp-board mailing list