[Owasp-board] Working with Bug Crowd on responsible reporting metrics

Tiffany Long tiffany.long at owasp.org
Wed Nov 22 22:52:53 UTC 2017


Perhaps say should be added to our Twitter team during this time so they
can do that support?

On Wed, 22 Nov 2017, 14:54 Andrew van der Stock, <vanderaj at owasp.org> wrote:

> Casey is doing the media. I'm not sure when the articles come out, but I
> will find out when the article comes out and share it with you.
>
> thanks,
> Andrew
>
> On Wed, Nov 22, 2017 at 12:34 PM, Tiffany Long <tiffany.long at owasp.org>
> wrote:
>
>> This is awesome. I assume you will be giving many of the interviews? If
>> so, will we have advance notice as the articles come out?
>>
>> Best,
>> Tiffany
>>
>>
>> On 22 Nov 2017 2:21 pm, "Andrew van der Stock" <vanderaj at owasp.org>
>> wrote:
>>
>> Hi there,
>>
>> I spoke with Casey Ellis from Bug Crowd this morning. Bug Crowd is going
>> to be working on establishing industry-neutral responsible reporting
>> metrics to cover off the gray area between breaches and discovering the
>> potential for a breach, which is the underpinning of trust for both pen
>> tests and bug bounties.
>>
>> There will be media articles soon discussing OWASP's involvement in this
>> community project, especially as a reaction to the Uber attack, where the
>> previous CISO passed off the breach as a bug bounty payout. Which it
>> wasn't. We previously established the OWASP Vulnerability Reporting
>> project for this purpose.
>>
>> The OWASP Vulnerability Reporting project currently has Casey and myself
>> as co-leaders.
>>
>> https://github.com/OWASP/Vulnerability-Reporting-Project
>>
>> They will be working with the industry and pulling in comments from their
>> own testers, and will work with anyone in the industry to achieve consensus
>> on what it means to test for breaches in a responsible / safe way that
>> still demonstrates impact. They are donating this effort to OWASP.
>>
>> thanks,
>> Andrew