[Owasp-board] Working with Bug Crowd on responsible reporting metrics
Andrew van der Stock
vanderaj at owasp.org
Wed Nov 22 20:54:26 UTC 2017
Casey is doing the media. I'm not sure when the articles come out, but I
will find out when the article comes out and share it with you.
On Wed, Nov 22, 2017 at 12:34 PM, Tiffany Long <tiffany.long at owasp.org> wrote:
> This is awesome. I assume you will be giving many of the interviews? If
> so, will we have advanced notice as the articles come out?
> On 22 Nov 2017 2:21 pm, "Andrew van der Stock" <vanderaj at owasp.org> wrote:
> Hi there,
> I spoke with Casey Ellis from Bug Crowd this morning. Bug Crowd is going
> to be working on establishing industry neutral responsible reporting
> metrics to cover off the gray area between breaches and discovering the
> potential for a breach, which is the underpinning of trust for both pen
> tests and bug bounties.
> There will be media articles soon discussing OWASP's involvement in this
> community project, especially as a reaction to the Uber attack, where the
> previous CISO passed off the breach as a bug bounty payout. Which it
> wasn't. We previously established the OWASP Vulnerability Reporting
> project for this purpose.
> The OWASP Vulnerability Reporting project currently has Casey and myself
> as co-leaders.
> They will be working with the industry and pulling in comments from their
> own testers, and will work with anyone in the industry to achieve consensus
> on what it means to test for breaches in a responsible / safe way that
> still demonstrates impact. They are donating this effort to OWASP.