Bug Bounty program

den

why not do a bug bounty program on hackerone.com or bugcrowd.com? We could use the 888 octo donated (if the community agree of course) to pay the researchers that find vulnerabilities on the site. After all, vulnerabilities always exist also in the sites more secure, for example Facebook, Apple, Google and many more run these bug bounty programs

Burr_scurr

888 octo really seems too much to just give away.
I like the idea but we shouldn't use that much of resources for the bounty

TMod_Marco

I agree with Burr_Scuur, for bug bounties I'd set up bounties with specific rewards set for specific parts of the ecosystem. Based on vulnerability, impact and the severity of the specific reported bug.

This would keep rewards / costs variable, rather than a fixed pool being offered during a certain time period.

den

TMod_Marco yeah! sure i agree with you 🙂 every vulnerability type has its impact and its correspondent reward. With that post i wanted only introduce the idea of a bug bounty program and maybe use part of the 888 donaton for it 🐙💪🏻

CFow

den Great idea but I don't think the donated 888 needs to be put towards a BBP. Lots of space in the reserves to fund something like this imo when the time is right.

nathanj

I'm updating our repositories this week to make a Bug Bounty Program more viable as an option.
All bugs and feature requests are being reported on GitHub for open source contributors to do for free.

I'd like to see larger Feature Requests and Bugs tied to a Bounty which can be funded by the project reserves, pending an approval of an OIP which I'd like to create in the coming days.