The Heartbleed vulnerability affected all of us, and the question that remains is: what other bugs exist in OpenSSL that we don’t know about? This is your opportunity as an Internet citizen or business to be a part of funding a focussed crowdsourced security assessment to find the next Heartbleed.
The bigger the reward pool, the more attention this project will receive from the security research community.
With many eyes and the right incentive all bugs are shallow.
100% of the proceeds will be offered to security researchers. Any leftover funds will be passed on to the OpenSSL Software Foundation. Bugcrowd will administer the bounty at its own expense.
We’re looking for corporate sponsors to create a reward pool that attracts the necessary talent from the security research community. We’re also opening this Crowdtilt up for *everyone*… Heartbleed affected everyone on the Internet, and we believe in giving everyone the opportunity to contribute.
Sponsors will be credited as Defenders of the Internet, and sponsors who commit over $5,000 will be specially mentioned and thanked.
Together let’s make the Internet a safer place.
An open letter is available at https://blog.bugcrowd.com/crowdfunded-bounty-lets-make-sure-heartbleed-doesnt-happen-again
Casey Ellis, CEO of Bugcrowd, @bugcrowd
Bio: Casey has spent 12 years in information security, servicing clients ranging from startups to multinational corporations as a security and risk consultant and solutions architect. At some point he realized he was quite fond of product and startups and went on to found Bugcrowd Inc, where he now sits as CEO. He likes thinking like a bad guy (while not actually being one).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.