[Owasp-board] Working with Bug Crowd on responsible reporting metrics

Tiffany Long tiffany.long at owasp.org
Wed Nov 22 20:34:34 UTC 2017

This is awesome. I assume you will be giving many of the interviews? If so,
will we have advanced notice as the articles come out?


On 22 Nov 2017 2:21 pm, "Andrew van der Stock" <vanderaj at owasp.org> wrote:

Hi there,

I spoke with Casey Ellis from Bug Crowd this morning. Bug Crowd is going to
be working on establishing industry neutral responsible reporting metrics
to cover off the gray area between breaches and discovering the potential
for a breach, which is the underpinning of trust for both pen tests and bug

There will be media articles soon discussing OWASP's involvement in this
community project, especially as a reaction to the Uber attack, where the
previous CISO passed off the breach as a bug bounty payout. Which it
wasn't. We previously established the OWASP Vulnerability Reporting
project for this purpose.

The OWASP Vulnerability Reporting project currently has Casey and myself
as co-leaders.


They will be working with the industry and pulling in comments from their
own testers, and will work with anyone in the industry to achieve consensus
on what it means to test for breaches in a responsible / safe way that
still demonstrates impact. They are donating this effort to OWASP.

