[Owasp-leaders] Kickoff: Bug Bounty Infra for OWASP

John Patrick Lita john.patrick.lita at owasp.org
Tue Jun 21 22:09:17 UTC 2016

Thank you for clarification :)

*John Patrick Lita *
Manager for cyber security and IT services
OWASP Manila chapter chairman
FB Page @OwaspManila <https://www.facebook.com/OwaspManila>

On Tue, Jun 21, 2016 at 8:53 PM, Frank Catucci <frank.catucci at owasp.org>

> Josh,
> Thank you for the update. I will also be in Rome, so if any further
> discussions are possible, I would be happy to participate.
> Regards,
> Frank
> On Mon, Jun 20, 2016 at 11:52 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>> Johanna,
>> The Bug Bounty program for OWASP Infrastructure has been intentionally
>> put on hold for the time being.  The reason is that we have known issues
>> that need to be remediated, but Matt hasn't had the time to do it given his
>> limited cycles.  The Board has made a couple of changes that should impact
>> this over the next month or so and hopefully move this project in the right
>> direction.  Once we have a better handle on the current (known) issues,
>> then we can start exploring the Bug Bounty to find the unknown issues.
>> ~josh
>> On Mon, Jun 20, 2016 at 9:41 PM, johanna curiel curiel <
>> johanna.curiel at owasp.org> wrote:
>>> Hi Frank, Josh
>>> I spoke today with BugCrowd team (Hunter + Jonathan Cran) regarding the
>>> Bug bounty program for OWASP.
>>> As you known, I'm working on the projects , however not so much traction
>>> has been done regarding the Bug Bounty for infra.
>>> I mentioned to Bugcrowd that the important piece for a bounty for infra
>>> is to have mirror setup of Wiki+mailman since we do not want attacks on the
>>> production environment.
>>> I think the first step is to make sure we are able to replicate the
>>> environment  checking with Matt Tesauro how can we do this and what is
>>> needed and make a budget of the costs involved . Once the budget is in
>>> place, then we can take a look of the organizations that volunteered to
>>> help us with this part.
>>> For those who volunteered in the past, please contact us to see how can
>>> we kickoff the Bounty for OWASP infra.
>>> Cheers
>>> --
>>> Johanna Curiel
>>> OWASP Volunteer
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160622/3bfc025b/attachment.html>

More information about the OWASP-Leaders mailing list