[Owasp-leaders] Kickoff: Bug Bounty Infra for OWASP

John Patrick Lita john.patrick.lita at owasp.org
Tue Jun 21 22:09:17 UTC 2016


Thank you for clarification :)

*John Patrick Lita *
Manager for cyber security and IT services
OWASP Manila chapter chairman
FB Page @OwaspManila <https://www.facebook.com/OwaspManila>
*https://www.owasp.org/index.php/Manila
<https://www.owasp.org/index.php/Manila>*
<https://lists.owasp.org/mailman/listinfo/owasp-manila>

On Tue, Jun 21, 2016 at 8:53 PM, Frank Catucci <frank.catucci at owasp.org>
wrote:

> Josh,
>
> Thank you for the update. I will also be in Rome, so if any further
> discussions are possible, I would be happy to participate.
>
> Regards,
>
> Frank
>
>
> On Mon, Jun 20, 2016 at 11:52 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>
>> Johanna,
>>
>> The Bug Bounty program for OWASP Infrastructure has been intentionally
>> put on hold for the time being.  The reason is that we have known issues
>> that need to be remediated, but Matt hasn't had the time to do it given his
>> limited cycles.  The Board has made a couple of changes that should impact
>> this over the next month or so and hopefully move this project in the right
>> direction.  Once we have a better handle on the current (known) issues,
>> then we can start exploring the Bug Bounty to find the unknown issues.
>>
>> ~josh
>>
>> On Mon, Jun 20, 2016 at 9:41 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>
>>> Hi Frank, Josh
>>>
>>> I spoke today with BugCrowd team (Hunter + Jonathan Cran) regarding the
>>> Bug bounty program for OWASP.
>>>
>>> As you known, I'm working on the projects , however not so much traction
>>> has been done regarding the Bug Bounty for infra.
>>>
>>> I mentioned to Bugcrowd that the important piece for a bounty for infra
>>> is to have mirror setup of Wiki+mailman since we do not want attacks on the
>>> production environment.
>>>
>>> I think the first step is to make sure we are able to replicate the
>>> environment  checking with Matt Tesauro how can we do this and what is
>>> needed and make a budget of the costs involved . Once the budget is in
>>> place, then we can take a look of the organizations that volunteered to
>>> help us with this part.
>>>
>>> For those who volunteered in the past, please contact us to see how can
>>> we kickoff the Bounty for OWASP infra.
>>>
>>> Cheers
>>>
>>> --
>>> Johanna Curiel
>>> OWASP Volunteer
>>>
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160622/3bfc025b/attachment.html>


More information about the OWASP-Leaders mailing list