[Owasp-leaders] Security Researcher Challenges

Munir Njiru munir.njiru at owasp.org
Tue Feb 21 05:58:58 UTC 2017

Hi Leaders,

I was wondering what are the challenges you face when you find bugs in
systems without bug bounty programs. I recently came across one and did my
bit on responsible disclosure; the issue was with the licensing system
which allowed me to create a perpetual license that never expires. After
reporting I sought to get a recommendation that would actually work to
build my research portfolio they turned down my offers and opted for giving
me a license instead. What i proposed to them were a few options:

   - A badge showing that a bug was found by the security researcher (not
   giving details of the bug)
   - They do a hall of fame listing for researchers
   - A recommendation letter saying that the researcher found a bug that
   they have fixed after responsible disclosure

The above would really work well to a security researcher's portfolio; but
they are against it. Why I don't know;have any of you come across similar
challenges and how did you overcome them in turn ?

They ended up giving me this and going cold turkey.

[image: Inline image 2]

A one year license as OWASP Kenya ; when i could create a perpetual one
this becomes a very low value additive to research don't you think?.

Kind Regards,
Munir Njenga,
OWASP Chapter Leader (Kenya) || Information Security Consultant || Developer
Mob   (KE) +254 (0) 734960670

Chapter Page: www.owasp.org/index.php/Kenya
Email: munir.njiru at owasp.org
Facebook: https://www.facebook.com/OWASP.Kenya
Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-Kenya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170221/d2ca2f49/attachment.html>

More information about the OWASP-Leaders mailing list