NNSquad - Network Neutrality Squad
[ NNSquad ] Going beyond vulnerability rewards
http://j.mp/19j7S2G (Google Online Security Blog)
"We thought about simply kicking off an OSS bug-hunting program, but
this approach can easily backfire. In addition to valid reports, bug
bounties invite a significant volume of spurious traffic - enough to
completely overwhelm a small community of volunteers. On top of this,
fixing a problem often requires more effort than finding it. So we
decided to try something new: provide financial incentives for
down-to-earth, proactive improvements that go beyond merely fixing a
known security bug. Whether you want to switch to a more secure
allocator, to add privilege separation, to clean up a bunch of sketchy
calls to strcat(), or even just to enable ASLR - we want to help! We
intend to roll out the program gradually, based on the quality of the
received submissions and the feedback from the developer community.
For the initial run, we decided to limit the scope to the following
projects ..."
- - -
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com