From: linimon@portsmon.org
To: Mason Loring Bliss, freebsd-hackers@freebsd.org
Date: Mon, 26 Apr 2021 14:55:17 -0500 (CDT)
Subject: Re: Bug bounty framework?

> On 04/25/2021 1:43 PM Mason Loring Bliss wrote:
> I don't remember this idea coming up previously, so I wanted to see what
> folks think about a framework for bug bounties and similar.

Actually it _has_ been discussed before, but not very recently.

tl;dr: there's demand for it but no one has stepped up to do the work to set it up :-)

There was a "general" open source bounty site started 6 or 7 years ago, but it failed to get off the ground. (I am not going to link to it -- the most recent email I got from it was an ad for home improvement work.)

And I can't speak for the Foundation, but in order to remain tax-exempt in the US, it cannot be seen as a "pass-through" place for explicit work. i.e. MajorCompanyX can't pay the Foundation to pay someone to do work. Now myself I would think that bugfixes would fall outside of the worry-zone but again I am not associated with the Foundation.

So all I can do is to offer you help setting up a wiki page or something. (In the past, I have shied away from setting up some framework myself, because it would then be a conflict of interest for me to take advantage of any of the offers.)

mcl