Date: Thu, 28 Sep 2017 21:25:41 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: The Internet Bug Bounty: Data Processing (hackerone.com)

Since these open-source software projects have been actively fixing security issues, and some of the issues have been announced on the oss-security mailing list, I am writing about this hackerone project here as well: https://hackerone.com/ibb-data

Policy:

The Internet Bug Bounty is offering rewards to security researchers who resolve critical vulnerabilities in core infrastructure data processing libraries. Critical vulnerabilities in these libraries have widespread consequences for the internet community.

Bounty Qualification:

- Only Critical vulnerabilities that demonstrate unambiguous remote code execution are eligible under this program. Findings with alternative impact or severity are not in scope at this time.
- Your Proof of Concept MUST demonstrate that remote exploitation can be easily, actively, and reliably achieved.
- Only versions currently supported by the upstream project are eligible. Please verify your issue is present in a current release before submission.
- The individual library maintainers have final decision on which issues constitute security vulnerabilities. The Panel will respect their decision, and we ask that you do as well.

It's important to keep in mind that not all submissions will qualify for a bounty, and that the decision to award a bounty is entirely at the discretion of the Panel.

In scope projects currently:

https://github.com/the-tcpdump-group/libpcap
https://github.com/ImageMagick/ImageMagick
https://github.com/glennrp/libpng
http://hg.code.sf.net/p/graphicsmagick/code/
https://github.com/curl/curl
https://github.com/the-tcpdump-group/tcpdump

I hope to motivate people with this email. I understand that the oss-security mailing list is not meant to announce these on a regular basis, but I consider this hackerone project highly relevant for the researchers reading this list. Also, if you have spare time, please help projects like Google's oss-fuzz https://github.com/google/oss-fuzz to get us a safer internet for everyone.

--
Henri Salo