Date: Mon, 26 Apr 2021 16:36:05 -0400 From: Mason Loring Bliss <mason@blisses.org> To: "linimon@portsmon.org linimon@portsmon.org" <linimon@portsmon.org>, Li-Wen Hsu <lwhsu@freebsd.org> Cc: freebsd-hackers@freebsd.org Subject: Re: Bug bounty framework? Message-ID: <20210426203604.GU18217@blisses.org> In-Reply-To: <CAKBkRUx%2BaT7HZmbPO=4nb3y37i86Gi8nWYZGvEShzWij8C4BJQ@mail.gmail.com> <1219846208.215399.1619466917981@privateemail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--uX7BrQs69PbBafpd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Apr 26, 2021 at 02:55:17PM -0500, linimon@portsmon.org linimon@port= smon.org wrote: > And I can't speak for the Foundation, but in order to remain tax-exempt in > the US, it cannot be seen as a "pass-through" place for explicit work. i= =2Ee. > MajorCompanyX can't pay the Foundation to pay someone to do work. Oh, hrm. I'll write to Foundation folks (if they don't see and respond here) to see if something like this would be an acceptable structure legally. I hadn't thought about it from that angle. On Tue, Apr 27, 2021 at 04:12:40AM +0800, Li-Wen Hsu wrote: > I feel it's mixing two different things? IIUC that "bug bounty" > mostly means that an organization (usually a big company) has a prize > to reward the people who report security issues, That was probably not the right terminology for me to use, but it felt close. Another analogy would be a walkathon, where kids sign people up to donate to a charity with the donation being some amount per lap or per mile or however it's measured. I wouldn't have an opinion on a traditional bug bounty, where individuals are rewarded monetarily for reporting bugs. This'd be more a feel-good motivation for folks participating in getting defects fixed - "I helped get this done, and the Foundation benefitted directly as a result." A page on the wiki would probably be sufficient to track these things, since there's no contract involved, if there's interest. I'd be happy to volunteer time to help curate such a thing. I'd love to hear from the Foundation, though, so I'll make contact. --=20 Mason Loring Bliss mason@blisses.org http://blisses.org/ = =20 For more enjoyment and greater efficiency, consumption is being standardize= d. --uX7BrQs69PbBafpd Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEEXtBZz1axB5rEDCEnrJXcHbvJVUFAmCHJDIACgkQnrJXcHbv JVUwRxAAiWy9LTIMKvOCft5C/XapKAYUb6495qjuU8KARp2JHNfAmbarMzagICRY RCc5hecjjhu95O8c6B3Oi3Iqyyv/yngDaj2GavFoX3hjEssT1q0YXdWyzq12bzUi HS1eHdOJ+tK/NXB46ENg0S7IQZpnMkZAn4o0xGJvMVQnff0kElCPaqGNaiL2mjJk 87WG7nA/8UusIzHWmE/zbSXxlwAk2QcHK8Zmi6nTowV/nLtRiKz+Ds1FwzgFGoRl gtDlmawdsL0UD1RzDDSx4GicrguHWFG8wlf0wP8ANdIAJQ/vcG+3Pc7QienC3BqO oapj1Cb2hp1vK2EzcEyDr1jtjhKW1oDdbWfxqEexpIeP1zHnqA1f5cxJdRcsCE1n Kid93el39OHuLelpBmHnifUZc0zb7bARmX1whJLl8wM4sjDuN05x5PRKcb4QWep8 8gWky71mwJbsXUais3BkROep4ReQhFvsaaa/ziyMvyxVuEp8CV9c/O8YiN+4L/LU UsbKC84WoAQG1CkvHbeqkvSy88uYbq57Z0+XCaMx6Fj21GykjxMc/UIV2K+6p+/z s230K66oVVkQkBrEpAgQ9SA7DDmBERnSJeJk7obvfMbstBSsQmiIIYCTvg7nAME3 KgVsxQZ9Jwm+PnCJDa9rzrCXd2G34CPtxEm8cdOe6l4Ajhyg5Us= =vDk1 -----END PGP SIGNATURE----- --uX7BrQs69PbBafpd--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20210426203604.GU18217>