[Owasp-leaders] OWASP Bug Bounty Program

Timo Goosen timo.goosen at owasp.org
Mon Jan 25 19:14:54 UTC 2016


My 2 cents, don't run a bug bounty program if you don't have the capacity
to respond to the vulnerabilities reported in a timely fashion.

Also, adding all OWASP projects to the scope of the bug bounty program would
be a bad idea.
Maybe adding the more mature, well-recognised projects to the scope will be
okay, but not all projects including new projects.

Regards.
Timo

On Sat, Jan 23, 2016 at 1:29 AM, Jim Manico <jim.manico at owasp.org> wrote:

> Frank,
>
> We are looking for complete proposals to manage or provide some kind of
> service for OWASP's potential bug bounty program. Please send a proposal
> our way if you are interested!
>
> Aloha,
> Jim
>
>
>
> On 1/22/16 6:27 PM, Frank Catucci wrote:
>
>> Jim, I'd be interested in assisting with this effort.
>>
>> Regards,
>>
>> Frank
>>
>>
>> On Jan 22, 2016, at 6:12 PM, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>> (Forwarded from the Community list)
>>>
>>> OWASP Community,
>>>
>>> There has been a lot of discussion lately about the possibility of
>>> starting a Bug Bounty program here at OWASP. It could cover OWASP
>>> Foundation assets (the website, servers, etc) as well as interested OWASP
>>> Projects. The scope, payout, and even the types of vulnerabilities that we
>>> honor are yet to be determined. Please consider this an open call that, as
>>> our ED, the OWASP Board, and our Projects Team contemplate what a Bug
>>> Bounty program would mean to OWASP, we are willing to entertain any and all
>>> offers from anyone interested in helping with such a program. Please reach
>>> out to us over the next week or so if you are interested. Thanks!
>>>
>>> Sincerely,
>>>
>>> Josh Sokol
>>> Vice Chair, OWASP Foundation Board of Directors
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>