[Owasp-leaders] Kickoff: Bug Bounty Infra for OWASP

Josh Sokol josh.sokol at owasp.org
Tue Jun 21 03:52:51 UTC 2016


Johanna,

The Bug Bounty program for OWASP Infrastructure has been intentionally put
on hold for the time being.  The reason is that we have known issues that
need to be remediated, but Matt hasn't had the time to do it given his
limited cycles.  The Board has made a couple of changes that should impact
this over the next month or so and hopefully move this project in the right
direction.  Once we have a better handle on the current (known) issues,
then we can start exploring the Bug Bounty to find the unknown issues.

~josh

On Mon, Jun 20, 2016 at 9:41 PM, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hi Frank, Josh
>
> I spoke today with BugCrowd team (Hunter + Jonathan Cran) regarding the
> Bug bounty program for OWASP.
>
> As you known, I'm working on the projects , however not so much traction
> has been done regarding the Bug Bounty for infra.
>
> I mentioned to Bugcrowd that the important piece for a bounty for infra is
> to have mirror setup of Wiki+mailman since we do not want attacks on the
> production environment.
>
> I think the first step is to make sure we are able to replicate the
> environment  checking with Matt Tesauro how can we do this and what is
> needed and make a budget of the costs involved . Once the budget is in
> place, then we can take a look of the organizations that volunteered to
> help us with this part.
>
> For those who volunteered in the past, please contact us to see how can we
> kickoff the Bounty for OWASP infra.
>
> Cheers
>
> --
> Johanna Curiel
> OWASP Volunteer
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160620/0723cc29/attachment.html>


More information about the OWASP-Leaders mailing list