Omniauth - Internet Bug Bounty Invite


Kayla Underkoffler

Nov 12, 2021, 4:06:52 PM
to omni...@googlegroups.com, Internet Bug Bounty
Hi, Omniauth team!

I'm Kayla, Senior Security Technologist at HackerOne, and I’m the lead for the Internet Bug Bounty (IBB).

The Internet Bug Bounty was created with the goal of helping to secure critical open source infrastructure. After almost $1M paid out for vulnerabilities in open source, we are expanding the program's scope with more OSS Projects, and I’m reaching out to you today because Omniauth has been a popular request from our partners and the community.

You can review a more detailed description of how the IBB works in the attached document but, at a high level:
  • Partners contribute funds to a shared pool, and nominate projects for inclusion
  • Vulnerabilities are reported directly to project maintainers by your preferred process
  • After a public advisory is released, the Finder submits a bounty claim to the IBB
  • Bounty is split 80% for finder and 20% to the project
Our intent here is two-fold: One, we hope this fits seamlessly into your existing workflows. Two, we have a hypothesis that it is critical to start providing monetary support toward the heavy-lifting of vulnerability triage & remediation.

I’d love to start rewarding bounties for Omniauth CVEs going forward, and I can get the project enrolled into the program scope in the coming weeks. If at any point in time or for any reason you want bounty rewards to stop, please let me know as I can take action right away.

I am excited to be able to play a small part in supporting Omniauth, and I hope you find the program valuable. If there are any questions around the process or any other details, please reach out; I’m here to help.

--
Respectfully,

Kayla Underkoffler
HackerOne
Senior Security Technologist
kunder...@hackerone.com

Attachment: Internet Bug Bounty - Project and Partner.pdf