The Heartbleed vulnerability affected all of us, and the question that remains is: what other bugs exist in OpenSSL that we don’t know about? This is your opportunity as an Internet citizen or business to be a part of funding a focussed crowdsourced security assessment to find the next Heartbleed.
The bigger the reward pool, the more attention this project will receive from the security research community.
With many eyes and the right incentive, all bugs are shallow.
100% of the proceeds will be offered to security researchers. Any leftover funds will be passed on to the OpenSSL Software Foundation. Bugcrowd will administer the bounty at its own expense.
We’re looking for corporate sponsors to create a reward pool that attracts the necessary talent from the security research community. We’re also opening this Crowdtilt up for *everyone*… Heartbleed affected everyone on the Internet, and we believe in giving everyone the opportunity to contribute.
Sponsors will be credited as Defenders of the Internet, and sponsors who commit over $5,000 will be specially mentioned and thanked.
Together let’s make the Internet a safer place.
An open letter is available at https://blog.bugcrowd.com/crowdfunded-bounty-lets-make-sure-heartbleed-doesnt-happen-again
Casey Ellis, CEO of Bugcrowd, @bugcrowd