[Owasp-leaders] Kickoff: Bug Bounty Infra for OWASP

Rashad Aliyev microphprashad at gmail.com
Wed Jun 22 01:38:53 UTC 2016


Before start my discuss I need said one of urgent problems in our area is
language. All information about infosec is in english and have little
translates in another languages. Depend of this problem we started to work
like this project now. But this is not only bug bounty. Its vulnerability
rewarding and disclosure project.

On project if etichal hacker found some vulnerability on system sending
information to system and after moderation we activating vunlerability
information and sending this info to source. Also giving point(from 1 to
10) for vulnerability to etickal hacker. It started 2 month ago and in 2
month we received near 100 vulnerabilities. Also we started this project in
testing mode in our (Azerbaijanian) language. For this planning add
language translating service also.
Our features:
- Information about vulnerability in multiple language
- Statistic for etichal hackers
- statistic by vulnerability types(sql injection, csrf etc...)
- statistic by countries
- rewarding and disclousure programs two in one

Site address: www.bugemot.com (currently in Azerbaijanian language)

Current status: Beta testing stage
Future works: Translating platform for etichal hackers, vulnerability
informations, company profile, multilanguage platform

El 22/6/2016 1:00, "johanna curiel curiel" <johanna.curiel at owasp.org>

> Yes Kevin agree.
> We want to able to provide a 'real' bounty once the low hanging fruits are
> over.
> Example: OWASP conference tickets and perks
> On Tue, Jun 21, 2016 at 6:09 PM, John Patrick Lita <
> john.patrick.lita at owasp.org> wrote:
>> Thank you for clarification :)
>> *John Patrick Lita *
>> Manager for cyber security and IT services
>> OWASP Manila chapter chairman
>> FB Page @OwaspManila <https://www.facebook.com/OwaspManila>
>> *https://www.owasp.org/index.php/Manila
>> <https://www.owasp.org/index.php/Manila>*
>> <https://lists.owasp.org/mailman/listinfo/owasp-manila>
>> On Tue, Jun 21, 2016 at 8:53 PM, Frank Catucci <frank.catucci at owasp.org>
>> wrote:
>>> Josh,
>>> Thank you for the update. I will also be in Rome, so if any further
>>> discussions are possible, I would be happy to participate.
>>> Regards,
>>> Frank
>>> On Mon, Jun 20, 2016 at 11:52 PM, Josh Sokol <josh.sokol at owasp.org>
>>> wrote:
>>>> Johanna,
>>>> The Bug Bounty program for OWASP Infrastructure has been intentionally
>>>> put on hold for the time being.  The reason is that we have known issues
>>>> that need to be remediated, but Matt hasn't had the time to do it given his
>>>> limited cycles.  The Board has made a couple of changes that should impact
>>>> this over the next month or so and hopefully move this project in the right
>>>> direction.  Once we have a better handle on the current (known) issues,
>>>> then we can start exploring the Bug Bounty to find the unknown issues.
>>>> ~josh
>>>> On Mon, Jun 20, 2016 at 9:41 PM, johanna curiel curiel <
>>>> johanna.curiel at owasp.org> wrote:
>>>>> Hi Frank, Josh
>>>>> I spoke today with BugCrowd team (Hunter + Jonathan Cran) regarding
>>>>> the Bug bounty program for OWASP.
>>>>> As you known, I'm working on the projects , however not so
>>>>> much traction has been done regarding the Bug Bounty for infra.
>>>>> I mentioned to Bugcrowd that the important piece for a bounty for
>>>>> infra is to have mirror setup of Wiki+mailman since we do not want attacks
>>>>> on the production environment.
>>>>> I think the first step is to make sure we are able to replicate the
>>>>> environment  checking with Matt Tesauro how can we do this and what is
>>>>> needed and make a budget of the costs involved . Once the budget is in
>>>>> place, then we can take a look of the organizations that volunteered to
>>>>> help us with this part.
>>>>> For those who volunteered in the past, please contact us to see how
>>>>> can we kickoff the Bounty for OWASP infra.
>>>>> Cheers
>>>>> --
>>>>> Johanna Curiel
>>>>> OWASP Volunteer
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> --
> Johanna Curiel
> OWASP Volunteer
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160622/368116a7/attachment-0001.html>

More information about the OWASP-Leaders mailing list