Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 17 Dec 2017 02:14:16 -0500
From: Qhdwns123 <qhdwns123@...tonmail.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: The Internet Bug Bounty: Data Processing (hackerone.com)

Hello,

I think this project is a good idea.

However, there is a difficulty.

Most of the bugs reported are only PoC files and ASan logs.

Because it takes a lot of analysis time to analyze the bugs and make the RCE (Exploit).

As a result, other bugs are delayed.

Thanks.

> -------- Original Message --------
> Subject: Re: [oss-security] The Internet Bug Bounty: Data Processing (hackerone.com)
> Local Time: October 9, 2017 5:04 PM
> UTC Time: October 9, 2017 8:04 AM
> From: reed@...dloden.com
> To: oss-security@...ts.openwall.com
>
> On Sun, Oct 8, 2017 at 11:24 PM Michael Niedermayer michael@...dermayer.cc
> wrote:
>
>>> We’d love to have FFmpeg in-scope, but the simple reason is that they
>>> don’t
>>> reply to our e-mails. All projects participating must explicitly opt-in,
>>> and we can’t get anybody at FFmpeg to let us know their thoughts on if
>>> they
>>> would like to be added or not.
>>
>> Your mails where misidentified as spam on my side at least, and while
>> i admit i saw them and wanted to reply later i forgot and somehow
>> apparently everyone else forgot to reply too.
>> Finally replied and yes of course FFmpeg wants to participate
>
> Awesome! Thanks for getting back to us.
>
> We've added FFmpeg to the scope at the bottom of
> https://hackerone.com/ibb-data.
>
> Happy hacking,
> ~reed
> (for the IBB)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ