Let's make sure Heartbleed doesn't happen again.

with Bugcrowd
This campaign will expire at
on .
To date
$7,262
Expired
Tilts at [?] $15,384.62
Target at $100,000
Let's make sure Heartbleed doesn't happen again.
The Heartbleed vulnerability affected all of us, and the question that still remains is what other bugs still exist in OpenSSL that we don’t know about? This is your opportunity as an Internet citizen or business to be a part of funding a focussed crowdsourced security assessment to find the next Heartbleed.

The bigger the reward pool, the more attention this project will receive from the security research community.

With many eyes and the right incentive all bugs are shallow.

100% of the proceeds will be offered to security researchers. Any leftover funds will be passed on to the OpenSSL Software Foundation. Bugcrowd will administer the bounty at it's own expense.

We're looking for corporate sponsors to create a reward pool that attracts the necessary talent from the security research community. We're also opening this Crowdtilt up for *everyone*... Heartbleed affected everyone on the Internet, and we believe in giving everyone the opportunity to contribute.

Sponsors will be credited as Defenders of the Internet, and sponsors who commit over $5,000 will be specially mentioned and thanked.

Together let’s make the Internet a safer place.

An open letter available at https://blog.bugcrowd.com/crowdfunded-bounty-lets-make-sure-heartbleed-doesnt-happen-again
Casey EllisWe thought we'd give credit where credit is due to those who've worked on this type of security crowdfunding project before, and have been stirring the conversation around getting the OpenSSL codebase under proper public scrutiny:

@matthew_d_green, @Erratarob, @nickdepetrillo and @thegrugq.

You guys are, at the very least, in some way to blame for the seed of this idea, and we tip our hat to you.
a year ago
Close