Hi bug-tar@, My name is Adam Bacchus, and I help run the Internet Bug Bounty (IBB) <https://internetbugbounty.org/>, an organization that helps sponsor bug bounty programs for widely used open source projects.
We were wondering if GNU tar would be open to participating in the IBB as a technology in scope - this would mean security researchers would report bugs to you, then after you’ve issued a patch, the researcher can receive a monetary reward (i.e. a bounty) from IBB as thanks for improving the security of the Internet. This does not require any changes to your current processes; IBB handles all bounty claims and payouts directly with the researchers. How does this sound? Any questions or concerns? Thanks! -Adam Bacchus https://twitter.com/sushihack https://www.linkedin.com/in/adambacchus/ ---------- Forwarded message ---------- From: Andrew Engelbrecht via RT <sysad...@gnu.org> Date: Thu, Jul 20, 2017 at 12:45 PM Subject: [gnu.org #1225729] Re: Participation in Internet Bug Bounty To: a...@hackerone.com On Fri Jul 14 21:02:25 2017, a...@hackerone.com wrote: > +reed, another IBB panel member > > Hello, > > Just a friendly ping - if anyone's listening and would be interested in > learning more about having IBB help fund security research on GNU tar, > please let us know. Hello Adam, This page lists the GNU tar mailing lists: https://www.gnu.org/software/tar/ I recommend making a post to "bug-tar" with your offer. Thanks, Andrew
