Date: Mon, 26 Apr 2021 14:55:17 -0500 (CDT) From: "linimon@portsmon.org linimon@portsmon.org" <linimon@portsmon.org> To: Mason Loring Bliss <mason@blisses.org>, freebsd-hackers@freebsd.org Subject: Re: Bug bounty framework? Message-ID: <1219846208.215399.1619466917981@privateemail.com> In-Reply-To: <20210425184323.GR18217@blisses.org> References: <20210425184323.GR18217@blisses.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 04/25/2021 1:43 PM Mason Loring Bliss <mason@blisses.org> wrote: > I don't remember this idea coming up previously, so I wanted to see what > folks think about a framework for bug bounties and similar. Actually it _has_ been discussed before, but not very recently. tl;dr: there's demand for it but no one has stepped up to do the work to set it up :-) There was a "general" open source bounty site started 6 or 7 years ago, but it failed to get off the ground. (I am not going to link to it -- the most recent email I got from it was an ad for home improvement work.) And I can't speak for the Foundation, but in order to remain tax-exempt in the US, it cannot be seen as a "pass-through" place for explicit work. i.e. MajorCompanyX can't pay the Foundation to pay someone to do work. Now myself I would think that bugfixes would fall outside of the worry-zone but again I am not associated with the Foundation. So all I can do is to offer you help setting up a wiki page or something. (In the past, I have shied away from setting up some framework myself, because it would then be a conflict of interest for me to take advantage of any of the offers.) mcl
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1219846208.215399.1619466917981>