[Owasp-leaders] Bug Hunting at OWASP.org
jim.manico at owasp.org
Thu Feb 11 04:15:46 UTC 2016
A few OWASP researchers have found bugs on OWASP's wiki and decided to
disclose them in public over twitter before reporting to OWASP.
Can you please disclose to me or Matt Tesauro or use the contact form or
do anything other than disclose in public before discussing this with
OWASP IT staff and support?
Also, Josh Sokol is in the middle of ramping up a more formal bug bounty
program and will provide a more formal method for disclosure in the near
But in the meantime, here are a few resources to report your findings to
if you run into security issues (and I use "run into" with intention
because you would never just start actively testing a website for
security without permission in some way, right? Because doing so is a
major criminal act in most countries, right?)
* Matt Tesauro: matt.tesauro at owasp.org
* Jim Manico: jim at owasp.org
* Contact Form: https://www.tfaforms.com/308703
OWASP Global Board Member
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders