[Owasp-leaders] Bug Bounty for Projects

johanna curiel curiel johanna.curiel at owasp.org
Mon Apr 18 19:22:10 UTC 2016


Hi Jim, Josh & project leaders of Defender projects

While there have been discussions regarding a budget for a Bug Bounty
http://lists.owasp.org/pipermail/owasp-board/2016-April/017100.html

I want to make clear that, during the meetings we had with Bugcrowd, we
spoke about starting the program for Security Libraries or Defender
projects (like SeraphimDroid) with the Kudos program.

They also advised us to start this way so the low-hanging fruit is found
first.

In a later phase we could determine finding sponsors for paying bug
bounties after this phase, but this has not been defined yet.

Also to clarify, I'm not part of any bug bounty related to OWASP assets,
especially because I agree 100% with Matt Tesauro, who has clarified all
the issues regarding this.
http://lists.owasp.org/pipermail/owasp-board/2016-April/017091.html

Common sense and best practices dictate that there should be a mirror QA
environment instead of allowing hackers to go against the OWASP production
environment.


Regards


-- 
Johanna Curiel
OWASP Volunteer