On Thu, Jan 16, 2014 at 10:58 AM, Daniel Cegiełka <daniel.cegie...@gmail.com> wrote:
> Another example: Google will pay even more than $3000 for finding an
> error in OpenSSH (Core infrastructure network services) - do they know
> about your problems?
>
> http://googleonlinesecurity.blogspot.com/2013/10/going-beyond-vulnerability-rewards.html
>
> Daniel

Yes, we're aware of that program. However, it still comes down to a bounty for bugfixes or change of some sort. So it's not a source of sustainable funding, unless we were to do something like introduce an annual quota of bugs and convincing-looking churn for the sake of "finding them" every year. Would you want to depend upon software in your infrastructure that we were doing that to?