Bug bounty framework?
linimon@portsmon.org
linimon at portsmon.org
Mon Apr 26 19:55:21 UTC 2021
> On 04/25/2021 1:43 PM Mason Loring Bliss <mason at blisses.org> wrote:
> I don't remember this idea coming up previously, so I wanted to see what
> folks think about a framework for bug bounties and similar.
Actually it _has_ been discussed before, but not very recently.
tl;dr: there's demand for it but no one has stepped up to do the work to
set it up :-)
There was a "general" open source bounty site started 6 or 7 years ago, but
it failed to get off the ground. (I am not going to link to it -- the most
recent email I got from it was an ad for home improvement work.)
And I can't speak for the Foundation, but in order to remain tax-exempt in
the US, it cannot be seen as a "pass-through" place for explicit work. i.e.
MajorCompanyX can't pay the Foundation to pay someone to do work.
Now myself I would think that bugfixes would fall outside of the worry-zone but
again I am not associated with the Foundation. So all I can do is to offer you
help setting up a wiki page or something. (In the past, I have shied away from
setting up some framework myself, because it would then be a conflict of interest
for me to take advantage of any of the offers.)
mcl
More information about the freebsd-hackers mailing list