[Owasp-leaders] OSS Bug Bounty

Tom Brennan tomb at owasp.org
Mon Oct 14 15:27:31 UTC 2013


If you have been following BUG BOUNTY efforts

"We intend to roll out the program gradually, based on the quality of
the received submissions and the feedback from the developer
community. For the initial run, we decided to limit the scope to the
following projects:

Core infrastructure network services: OpenSSH, BIND, ISC DHCP
Core infrastructure image parsers: libjpeg, libjpeg-turbo, libpng, giflib
Open-source foundations of Google Chrome: Chromium, Blink
Other high-impact libraries: OpenSSL, zlib
Security-critical, commonly used components of the Linux kernel (including KVM)

We intend to soon extend the program to:

Widely used web servers: Apache httpd, lighttpd, nginx
Popular SMTP services: Sendmail, Postfix, Exim
Toolchain security improvements for GCC, binutils, and llvm
Virtual private networking: OpenVPN"

http://googleonlinesecurity.blogspot.com/2013/10/going-beyond-vulnerability-rewards.html

Efforts like these (Bug Bounty) are why OWASP is shining a LIGHT on
them at AppSecUSA

Details:  http://appsecusa.org/2013/activities/bug-bounty-group-hack/

There is (1) day left to buy a ticket and save $200 - we hope to see
you in November for ALL of the Builder, Breaker and Defender activities
planned!

Brennan

