Date: Tue, 27 Apr 2021 04:12:40 +0800
From: Li-Wen Hsu <lwhsu@freebsd.org>
To: "linimon@portsmon.org linimon@portsmon.org" <linimon@portsmon.org>
Cc: Mason Loring Bliss <mason@blisses.org>, FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: Bug bounty framework?
Message-ID: <CAKBkRUx%2BaT7HZmbPO=4nb3y37i86Gi8nWYZGvEShzWij8C4BJQ@mail.gmail.com>
In-Reply-To: <1219846208.215399.1619466917981@privateemail.com>
References: <20210425184323.GR18217@blisses.org> <1219846208.215399.1619466917981@privateemail.com>

On Tue, Apr 27, 2021 at 3:55 AM linimon@portsmon.org linimon@portsmon.org <linimon@portsmon.org> wrote:
>
> > On 04/25/2021 1:43 PM Mason Loring Bliss <mason@blisses.org> wrote:
> > I don't remember this idea coming up previously, so I wanted to see what
> > folks think about a framework for bug bounties and similar.
>
> Actually it _has_ been discussed before, but not very recently.
>
> tl;dr: there's demand for it but no one has stepped up to do the work to
> set it up :-)

I feel it's mixing two different things?

IIUC that "bug bounty" mostly means that an organization (usually a big company) has a prize to reward the people who report security issues, instead of selling the 0day to the dark net. :-) I'm not sure as an open source, we should have that, but I remember that I see some places there are rewards for reporting kernel security issues, including FreeBSD (and hope they forward the report to our security team.)

For the idea the original post described sounds like having a reward for completing a specified task. It's more like a job posting for seeking freelancers. But there is one (or more) for open source projects. Here is an example I remember:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204521#c3
https://www.bountysource.com/issues/75687739-new-driver-request-port-rtsx-from-openbsd-to-freebsd

I guess leveraging those external services is better than setting up our own at this point?

Best,
Li-Wen