[Owasp-leaders] Bug Hunting at OWASP.org

Jim Manico jim.manico at owasp.org
Thu Feb 11 04:15:46 UTC 2016


A few OWASP researchers have found bugs on OWASP's wiki and decided to 
disclose them in public over Twitter before reporting to OWASP.

Can you please disclose to me or Matt Tesauro or use the contact form or 
do anything other than disclose in public before discussing this with 
OWASP IT staff and support?

Also, Josh Sokol is in the middle of ramping up a more formal bug bounty 
program and will provide a more formal method for disclosure in the near 

But in the meantime, here are a few resources to report your findings to 
if you run into security issues (and I use "run into" with intention 
because you would never just start actively testing a website for 
security without permission in some way, right? Because doing so is a 
major criminal act in most countries, right?)

Thanks all.

  * Matt Tesauro: matt.tesauro at owasp.org
  * Jim Manico:  jim at owasp.org
  * Contact Form: https://www.tfaforms.com/308703

Jim Manico
OWASP Global Board Member