OpenSSL bug hunt: Find NEXT Heartbleed, earn $$$ – if enough people donate cash

  • 18 April 2014
  • 4 replies
  • 1867 views

Userlevel 7

Quarter of a million dollars could be up for grabs

By John Leyden, 16 Apr 2014  An effort to raise $250,000 for an OpenSSL bug-bounty program is underway – and its organisers hope it will help ensure the Heartbleed omnishambles is never repeated.
 
The campaign, spearheaded by computer security startup Bugcrowd, aims to raise the cash by 29 April: the money will be distributed as rewards to infosec bods who discover and report bugs in crucial crypto-library OpenSSL. A pitch on crowdtilt.com explains:
 
With many eyes and the right incentive all bugs are shallow. It's up to the Internet to come to the table and provide the incentive required to make sure wide-scale security exposures like Heartbleed don't happen again.
This Crowdtilt will fund a focussed crowdsourced security assessment (otherwise known as a bug bounty) on OpenSSL. 100 per cent of the proceeds will be offered to security researchers. Any leftover funds will be passed on to the OpenSSL Software Foundation.
 
Anyone can sponsor at any amount. Sponsors will be credited as Defenders of the Internet, and sponsors who commit over $5,000 will be specially mentioned and thanked.
 
Together let’s make the Internet a safer place.
Donations thus far stand at a modest $5,400, but the fund has only just opened. Even so, the fundraiser is working on what looks like a tight deadline.
 
 
Full Article
 
Apologies...but just could not rsist this one...sounds like a glorified, security-based version of the an Easter Egg hunt...LOL

4 replies

Userlevel 7
I think it's a good and effective incentive.
Userlevel 7
Badge +54
A good method of putting bug hunting to a positive use, far better the hunters get paid by the good guys than selling out to the malware pushers.
Userlevel 7
Jasper, you are so, so right!
Userlevel 7
Badge +3
Hope this is a big success, particularly also because OpenSSL Foundation badly needs some support to ensure future stability and security.
 
Heartbleed Exposes a Problem With Open Source, But... - Webroot Community
 
 Heartbleed bug: OpenSSL President Asks For More Money, Support | Digital Trends

Reply