[Owasp-leaders] Bug Bounty for Projects
johanna curiel curiel
johanna.curiel at owasp.org
Mon Apr 18 19:22:10 UTC 2016
Hi Jim, Josh & project leaders of Defender projects
While there has been discussions regarding a budget for a Bug Bounty
I want to make clear that , during the meetings we had with Bugcrowd, we
spoke about starting the program for Security Libraries or Defender
projects (like SeraphimDroid) with the Kudos program
They also advised us to start this way so the low hanging fruits are found
In a later phase we could determine finding sponsors for paying bug
bounties after this phase, but this has not been defined yet.
Also to clarify, I'm not part of any bug bounty related to OWASP assets,
especially because I agree 100% with Matt Tesauro, who has clarified all
the issues regarding this.
Common sense and best practices dictates that there should be a mirror QA
environment instead of allowing hackers go against OWASP production
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders