Re: Bounty: Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Aug 6, 2020 at 8:21 AM Salz, Rich <rsalz=40akamai.com@xxxxxxxxxxxxxx> wrote:
    >    * Whether or not this statement should be supplemented with a "bug bounty" program.

In my experience (several years running openssl.org), bug bounties for websites are not worthwhile.

It really depends on how complicated the website is. Lots of web software companies have bounty programs: <https://hackerone.com/bug-bounty-programs>

I think the IETF infrastructure might be able to use one. Trying it out seems like a reversible decision, too.

thanks,
Rob
 

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux