Donation campaign launched, aimed at OpenSSL audit

A new funding drive has been created to entice security researchers to help discover flaws in OpenSSL.

Australian security start-up Bugcrowd, which offers a crowdsourced bug bounty marketplace, has launched the program, according to a blog post by the company.

Bugcrowd took action following the discovery of the Heartbleed bug and its impact on the internet as a whole, and after Steve Marquess, president of the OpenSSL Software Foundation, made statements regarding the need for funding to conduct a formal security audit of the open source software.

The company will organize “sprint bounties” – similar to normal bounty programs but involving a capped budget and set disclosure periods – which will use money donated to the campaign to reward members of the security community for discovering flaws. Bugcrowd intends to cover all of its own costs associated with this effort.
