[Owasp-board] Working with Bug Crowd on responsible reporting metrics
tiffany.long at owasp.org
Wed Nov 22 22:52:53 UTC 2017
Perhaps say should be added to our Twitter team during this time so they
can do that support?
On Wed, 22 Nov 2017, 14:54 Andrew van der Stock, <vanderaj at owasp.org> wrote:
> Casey is doing the media. I'm not sure when the articles come out, but I
> will find out when the article comes out and share it with you.
> On Wed, Nov 22, 2017 at 12:34 PM, Tiffany Long <tiffany.long at owasp.org> wrote:
>> This is awesome. I assume you will be giving many of the interviews? If
>> so, will we have advance notice as the articles come out?
>> On 22 Nov 2017 2:21 pm, "Andrew van der Stock" <vanderaj at owasp.org> wrote:
>> Hi there,
>> I spoke with Casey Ellis from Bug Crowd this morning. Bug Crowd is going
>> to be working on establishing industry neutral responsible reporting
>> metrics to cover off the gray area between breaches and discovering the
>> potential for a breach, which is the underpinning of trust for both pen
>> tests and bug bounties.
>> There will be media articles soon discussing OWASP's involvement in this
>> community project, especially as a reaction to the Uber attack, where the
>> previous CISO passed off the breach as a bug bounty payout. Which it
>> wasn't. We previously established the OWASP Vulnerability Reporting
>> project for this purpose.
>> The OWASP Vulnerability Reporting project currently has Casey and myself
>> as co-leaders.
>> They will be working with the industry and pulling in comments from their
>> own testers, and will work with anyone in the industry to achieve consensus
>> on what it means to test for breaches in a responsible / safe way that
>> still demonstrates impact. They are donating this effort to OWASP.