[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] The Internet Bug Bounty: Data Processing (hackerone.com)
From:       Qhdwns123 <qhdwns123 () protonmail ! com>
Date:       2017-12-17 7:14:16
Message-ID: 7J5Ty2vgO1xgwQfuBuNdOk_66l2D-0tR4x-V9y9H5SSXjFG6W6BrvMZ0Q4CCv3vtXL6Z01B-vuXX_roq-cfb3JjF6m-If5ib8B9Z8KkYqgw= () protonmail ! com
[Download RAW message or body]

[Attachment #2 (text/plain)]

Hello,

I think this project is a good idea.

However, there is a difficulty.

Most of the bugs reported are only PoC files and ASan logs.

Because it takes a lot of analysis time to analyze the bugs and make the RCE (Exploit).

As a result, other bugs are delayed.

Thanks.

> -------- Original Message --------
> Subject: Re: [oss-security] The Internet Bug Bounty: Data Processing (hackerone.com)
> Local Time: October 9, 2017 5:04 PM
> UTC Time: October 9, 2017 8:04 AM
> From: reed@reedloden.com
> To: oss-security@lists.openwall.com
>
> On Sun, Oct 8, 2017 at 11:24 PM Michael Niedermayer michael@niedermayer.cc
> wrote:
>
>>> We'd love to have FFmpeg in-scope, but the simple reason is that they
>>> don't
>>> reply to our e-mails. All projects participating must explicitly opt-in,
>>> and we can't get anybody at FFmpeg to let us know their thoughts on if
>>> they
>>> would like to be added or not.
>>
>> Your mails where misidentified as spam on my side at least, and while
>> i admit i saw them and wanted to reply later i forgot and somehow
>> apparently everyone else forgot to reply too.
>> Finally replied and yes of course FFmpeg wants to participate
>
> Awesome! Thanks for getting back to us.
>
> We've added FFmpeg to the scope at the bottom of
> https://hackerone.com/ibb-data.
>
> Happy hacking,
> ~reed
> (for the IBB)

[prev in list] [next in list] [prev in thread] [next in thread]