Rob Stradling wrote:
> Gerv, how about asking Google to add NSS to the list of projects that
> are in-scope for this new rewards program?
>
> I believe Chromium still uses NSS for TLS, and so NSS would qualify for
> the "Open-source foundations of Google Chrome" category.
>
> Firefox uses NSS, an
On 10/10/13 16:35, chris hofmann wrote:
> The one idea that is new here is the idea about paying developers for
> fixing vulnerabilities in the code they work on. That could create the
> wrong incentives if not managed and tracked properly, setting up the
> possibility of writing code that's insec
On 10/10/13 11:21, Rob Stradling wrote:
> Gerv, how about asking Google to add NSS to the list of projects that
> are in-scope for this new rewards program?
Good idea.
Gerv
Interesting experiment. We (the Mozilla bounty evaluation team) have
paid, on a case-by-case basis, for vulnerabilities outside the Mozilla
code for things affecting any dependencies we have for Firefox 3rd party
libraries, or our core development application or services websites for
some t
Wow. Having worked on BIND and ISC DHCP for many years, I am *cheering* this!
Fantastic. Personally while I can see the concern about contributor "theft" I
think the way to go is to be aware, paying attention to what's going on with
those contributors, and supporting their efforts on our… preferr
On 10/10/13 11:01, Gervase Markham wrote:
http://googleonlinesecurity.blogspot.co.uk/2013/10/going-beyond-vulnerability-rewards.html
Google are now paying people, retrospectively, for any patch that
improves the security of OpenSSH, BIND, ISC DHCP, libjpeg,
libjpeg-turbo, libpng, giflib, Chromiu
http://googleonlinesecurity.blogspot.co.uk/2013/10/going-beyond-vulnerability-rewards.html
Google are now paying people, retrospectively, for any patch that
improves the security of OpenSSH, BIND, ISC DHCP, libjpeg,
libjpeg-turbo, libpng, giflib, Chromium, Blink, OpenSSL, zlib and
commonly used co