[Owasp-leaders] Kickoff: Bug Bounty Infra for OWASP

johanna curiel curiel johanna.curiel at owasp.org
Tue Jun 21 22:57:12 UTC 2016


Yes Kevin agree.

We want to able to provide a 'real' bounty once the low hanging fruits are
over.

Example: OWASP conference tickets and perks

On Tue, Jun 21, 2016 at 6:09 PM, John Patrick Lita <
john.patrick.lita at owasp.org> wrote:

> Thank you for clarification :)
>
> *John Patrick Lita *
> Manager for cyber security and IT services
> OWASP Manila chapter chairman
> FB Page @OwaspManila <https://www.facebook.com/OwaspManila>
> *https://www.owasp.org/index.php/Manila
> <https://www.owasp.org/index.php/Manila>*
> <https://lists.owasp.org/mailman/listinfo/owasp-manila>
>
> On Tue, Jun 21, 2016 at 8:53 PM, Frank Catucci <frank.catucci at owasp.org>
> wrote:
>
>> Josh,
>>
>> Thank you for the update. I will also be in Rome, so if any further
>> discussions are possible, I would be happy to participate.
>>
>> Regards,
>>
>> Frank
>>
>>
>> On Mon, Jun 20, 2016 at 11:52 PM, Josh Sokol <josh.sokol at owasp.org>
>> wrote:
>>
>>> Johanna,
>>>
>>> The Bug Bounty program for OWASP Infrastructure has been intentionally
>>> put on hold for the time being.  The reason is that we have known issues
>>> that need to be remediated, but Matt hasn't had the time to do it given his
>>> limited cycles.  The Board has made a couple of changes that should impact
>>> this over the next month or so and hopefully move this project in the right
>>> direction.  Once we have a better handle on the current (known) issues,
>>> then we can start exploring the Bug Bounty to find the unknown issues.
>>>
>>> ~josh
>>>
>>> On Mon, Jun 20, 2016 at 9:41 PM, johanna curiel curiel <
>>> johanna.curiel at owasp.org> wrote:
>>>
>>>> Hi Frank, Josh
>>>>
>>>> I spoke today with BugCrowd team (Hunter + Jonathan Cran) regarding
>>>> the Bug bounty program for OWASP.
>>>>
>>>> As you known, I'm working on the projects , however not so
>>>> much traction has been done regarding the Bug Bounty for infra.
>>>>
>>>> I mentioned to Bugcrowd that the important piece for a bounty for infra
>>>> is to have mirror setup of Wiki+mailman since we do not want attacks on the
>>>> production environment.
>>>>
>>>> I think the first step is to make sure we are able to replicate the
>>>> environment  checking with Matt Tesauro how can we do this and what is
>>>> needed and make a budget of the costs involved . Once the budget is in
>>>> place, then we can take a look of the organizations that volunteered to
>>>> help us with this part.
>>>>
>>>> For those who volunteered in the past, please contact us to see how can
>>>> we kickoff the Bounty for OWASP infra.
>>>>
>>>> Cheers
>>>>
>>>> --
>>>> Johanna Curiel
>>>> OWASP Volunteer
>>>>
>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160621/8f313120/attachment.html>


More information about the OWASP-Leaders mailing list