Dumb idea, though I thought it was cool. By posting this, I'm not claiming that any part of this software is insecure, rather I'm brainstorming ideas to make it even more secure by encouraging 'security researchers' to privately disclose newly discovered vulnerabilities to the developers as opposed to sharing it with their little buddies.
Going to try something different; instead of creating a wall of text, I'll just copy and paste where I got the idea from:
Source: http://piwik.org/security/
Same idea, just replace "Piwik" with "VBSI" and probably lower the bounty too.
Going to try something different; instead of creating a wall of text, I'll just copy and paste where I got the idea from:
Piwik Security Bug Bounty Program
The Piwik Security Bug Bounty Program is designed to encourage security research in Piwik and to reward those who help us create the safest Web Analytics platform.
The bounty for valid critical security bugs is $500 (US) cash reward. The bounty for non-critical bugs is $200 (US), paid via Paypal.
The bounty will be awarded for security bugs that meet the following criteria:
The Piwik Security Bug Bounty Program is designed to encourage security research in Piwik and to reward those who help us create the safest Web Analytics platform.
The bounty for valid critical security bugs is $500 (US) cash reward. The bounty for non-critical bugs is $200 (US), paid via Paypal.
The bounty will be awarded for security bugs that meet the following criteria:
- Security bug must be original and previously unreported
- Security bug is present in the most recent supported or release candidate version of Piwik
- If two or more people report the bug together the reward will be divided among them
Same idea, just replace "Piwik" with "VBSI" and probably lower the bounty too.
Comment