[Owasp-leaders] OWASP Bug Bounty Program
timo.goosen at owasp.org
Mon Jan 25 19:14:54 UTC 2016
My 2 cents, don't run a bug bounty program if you don't have the capacity
to respond to the vulnerabilities reported in a timely fashion.
Also, adding all OWASP projects to the scope of the bug bounty program would
be a bad idea.
Maybe adding the more mature, well-recognised projects to the scope will be
okay, but not all projects, including new projects.
On Sat, Jan 23, 2016 at 1:29 AM, Jim Manico <jim.manico at owasp.org> wrote:
> We are looking for complete proposals to manage or provide some kind of
> service for OWASP's potential bug bounty program. Please send a proposal
> our way if you are interested!
> On 1/22/16 6:27 PM, Frank Catucci wrote:
>> Jim, I'd be interested in assisting with this effort.
>> On Jan 22, 2016, at 6:12 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>> (Forwarded from the Community list)
>>> OWASP Community,
>>> There has been a lot of discussion lately about the possibility of
>>> starting a Bug Bounty program here at OWASP. It could cover OWASP
>>> Foundation assets (the website, servers, etc.) as well as interested OWASP
>>> Projects. The scope, payout, and even the types of vulnerabilities that we
>>> honor are yet to be determined. Please consider this an open call that, as
>>> our ED, the OWASP Board, and our Projects Team contemplate what a Bug
>>> Bounty program would mean to OWASP, we are willing to entertain any and all
>>> offers from anyone interested in helping with such a program. Please reach
>>> out to us over the next week or so if you are interested. Thanks!
>>> Josh Sokol
>>> Vice Chair, OWASP Foundation Board of Directors
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org