[Owasp-leaders] Kickoff: Bug Bounty Infra for OWASP

Frank Catucci frank.catucci at owasp.org
Tue Jun 21 12:53:57 UTC 2016


Josh,

Thank you for the update. I will also be in Rome, so if any further
discussions are possible, I would be happy to participate.

Regards,

Frank


On Mon, Jun 20, 2016 at 11:52 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> Johanna,
>
> The Bug Bounty program for OWASP Infrastructure has been intentionally put
> on hold for the time being.  The reason is that we have known issues that
> need to be remediated, but Matt hasn't had the time to do it given his
> limited cycles.  The Board has made a couple of changes that should impact
> this over the next month or so and hopefully move this project in the right
> direction.  Once we have a better handle on the current (known) issues,
> then we can start exploring the Bug Bounty to find the unknown issues.
>
> ~josh
>
> On Mon, Jun 20, 2016 at 9:41 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> Hi Frank, Josh
>>
>> I spoke today with BugCrowd team (Hunter + Jonathan Cran) regarding the
>> Bug bounty program for OWASP.
>>
>> As you known, I'm working on the projects , however not so much traction
>> has been done regarding the Bug Bounty for infra.
>>
>> I mentioned to Bugcrowd that the important piece for a bounty for infra
>> is to have mirror setup of Wiki+mailman since we do not want attacks on the
>> production environment.
>>
>> I think the first step is to make sure we are able to replicate the
>> environment  checking with Matt Tesauro how can we do this and what is
>> needed and make a budget of the costs involved . Once the budget is in
>> place, then we can take a look of the organizations that volunteered to
>> help us with this part.
>>
>> For those who volunteered in the past, please contact us to see how can
>> we kickoff the Bounty for OWASP infra.
>>
>> Cheers
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160621/710e6d7b/attachment.html>


More information about the OWASP-Leaders mailing list