NNSquad - Network Neutrality Squad


[ NNSquad ] Going beyond vulnerability rewards

http://j.mp/19j7S2G  (Google Online Security Blog)

   "We thought about simply kicking off an OSS bug-hunting program, but
    this approach can easily backfire. In addition to valid reports, bug
    bounties invite a significant volume of spurious traffic - enough to
    completely overwhelm a small community of volunteers. On top of this,
    fixing a problem often requires more effort than finding it.  So we
    decided to try something new: provide financial incentives for
    down-to-earth, proactive improvements that go beyond merely fixing a
    known security bug. Whether you want to switch to a more secure
    allocator, to add privilege separation, to clean up a bunch of sketchy
    calls to strcat(), or even just to enable ASLR - we want to help!  We
    intend to roll out the program gradually, based on the quality of the
    received submissions and the feedback from the developer community.
    For the initial run, we decided to limit the scope to the following
    projects ..."

 - - -

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
 - Network Neutrality Squad: http://www.nnsquad.org 
 - PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein 
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com