[Bug-tar] Fwd: [gnu.org #1225729] Re: Participation in Internet Bug Bounty

[Adam Bacchus]

Hi bug-tar@,

My name is Adam Bacchus, and I help run the Internet Bug Bounty (IBB), an organization that helps sponsor bug bounty programs for widely used open source projects.

We were wondering if GNU tar would be open to participating in the IBB as a technology in scope - this would mean security researchers would report bugs to you, then after you’ve issued a patch, the researcher can receive a monetary reward (i.e. a bounty) from IBB as thanks for improving the security of the Internet.

This does not require any changes to your current processes; IBB handles all bounty claims and payouts directly with the researchers.

How does this sound? Any questions or concerns?

Thanks!

-Adam Bacchus

https://twitter.com/sushihack

https://www.linkedin.com/in/adambacchus/

---------- Forwarded message ----------
From: Andrew Engelbrecht via RT <address@hidden>
Date: Thu, Jul 20, 2017 at 12:45 PM
Subject: [gnu.org #1225729] Re: Participation in Internet Bug Bounty
To: address@hidden


On Fri Jul 14 21:02:25 2017,  address@hidden wrote:
> +reed, another IBB panel member
>
> Hello,
>
> Just a friendly ping - if anyone's listening and would be interested in
> learning more about having IBB help fund security research on GNU tar,
> please let us know.

Hello Adam,

This page lists the GNU tar mailing lists:

https://www.gnu.org/software/tar/

I recommend making a post to "bug-tar" with your offer.

Thanks,
Andrew