Donation campaign launched, aimed at OpenSSL audit
A new funding drive has been created to entice security researchers to help discover flaws in OpenSSL.
Australian security start-up Bugcrowd, which offers a crowdsourced bug bounty marketplace, has launched the program, according to a blog post by the company.
Following the discovery of the Heartbleed bug and its impact on the internet as a whole, as well as statements made by Steve Marquess, president of the OpenSSL Software Foundation, regarding the need for funding to conduct a formal security audit on the open source software, Bugcrowd took action.
The company will organize “sprint bounties” – similar to normal bounty programs but involving a capped budget and set disclosure periods – which will reward members of the security community for discovering flaws with money donated to the campaign. Bugcrowd intends to cover all of its own costs associated with this effort.