Let's make sure Heartbleed doesn't happen again. - damncabbage
https://www.crowdtilt.com/campaigns/lets-make-sure-heartbleed-doesnt-happen-again/description

======
damncabbage

      This Crowdtilt will fund a focussed crowdsourced security assessment (otherwise
      known as a bug bounty) on OpenSSL.
      ...
      Security crowdsourcing company Bugcrowd will organize a “sprint bounty;”
      coordinating and incentivising the security research community to thoroughly
      test OpenSSL for potential security concerns.
    

I'm a little worried this is just a PR move for Bugcrowd, but it might be
genuinely useful in producing a bunch of bug reports for holes not discovered
yet.

(Having said that, if you're a blackhat, the amount you'd get selling or using
anything you found would eclipse whatever Bugcrowd would pay you... But that'd
happen regardless of whether this ran or not.)

~~~
bugcrowd
We think it'll be useful.

You're right re the payout amount for blackhats, but it only takes one
whitehat to claim a reward for a bug to get killed, and the idea of a sprint
is to get a bunch of them focussed on the same target at the same time. We've
been running sprints alongside the more traditional ongoing bug bounties since
we started, and they're very effective.

Hopefully we will get enough individuals and companies backing this to make
the rewards attractive to the right kinds of researchers.

