[Owasp-leaders] Bug Bounty for Projects

Claudia Casanovas claudia.aviles-casanovas at owasp.org
Mon Apr 18 20:40:39 UTC 2016


Hi Johanna,

Please let me know if you need any assistance.


Thank you

On Mon, Apr 18, 2016 at 12:22 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hi Jim, Josh & project leaders of Defender projects
>
> While there has been discussions regarding a budget for a Bug Bounty
> http://lists.owasp.org/pipermail/owasp-board/2016-April/017100.html
>
> I want to make clear that , during the meetings we had with Bugcrowd, we
> spoke about starting the program for Security Libraries or Defender
> projects (like SeraphimDroid) with the Kudos program
>
> They also advised us to start this way so the low hanging fruits are found
> first
>
> In a later phase we could determine finding sponsors for paying bug
> bounties after this phase, but this has not been defined yet.
>
> Also to clarify, I'm not part of any bug bounty related to OWASP assets,
> especially because I agree 100% with Matt Tesauro, who has clarified all
> the issues regarding this.
> http://lists.owasp.org/pipermail/owasp-board/2016-April/017091.html
>
> Common sense and best practices dictates that there should be a mirror QA
> environment instead of allowing hackers go against OWASP production
> environment.
>
>
> Regards
>
>
> --
> Johanna Curiel
> OWASP Volunteer
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 


Claudia Aviles-Casanovas <claudia.aviles-casanovas at owasp.org>
Project Coordinator
Phone:973-288-1697
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160418/b2950189/attachment.html>


More information about the OWASP-Leaders mailing list