This repository has been archived by the owner on Nov 16, 2022. It is now read-only.

publish something about our security program #560

Closed
chadwhitacre opened this issue Apr 6, 2016 · 18 comments

Comments

@chadwhitacre
Contributor

Reticketed from #558 (comment).

We've put a lot of effort over the past few months into setting up our HackerOne program. Let's blog about it!

Draft 1: "An Open Vulnerability Program: Announcing Gratipay on HackerOne"

@chadwhitacre
Contributor Author

Draft 1: "An Open Vulnerability Program: Announcing Gratipay on HackerOne"

@TheHmadQureshi

Awesome! 👍

@chadwhitacre
Contributor Author

I've been tinkering with Draft 1 rather than making a new draft.

@chadwhitacre
Contributor Author

Is it too bold to title this, "A New Standard in Transparent Security"?

@chadwhitacre
Contributor Author

Maybe just "Transparent Security"

@chadwhitacre
Contributor Author

Any objections to publishing?

"Transparent Security: Introducing Gratipay's Program on HackerOne"

@chadwhitacre
Contributor Author

Alright, here we go ...

@chadwhitacre
Contributor Author

I added some stats. A quarter of our reports are duplicates, and half our reports are low-quality.

@chadwhitacre
Contributor Author

  • make a page listing our disclosures
  • figure out an image

@chadwhitacre
Contributor Author

screen shot 2016-04-08 at 11 09 43 am

@chadwhitacre
Contributor Author

screen shot 2016-04-08 at 11 28 28 am

@chadwhitacre
Contributor Author

screen shot 2016-04-08 at 12 34 44 pm

@chadwhitacre
Contributor Author

Ready? I think we're ready ...

@chadwhitacre
Contributor Author

@chadwhitacre
Contributor Author

I've received a kind note in private email from HackerOne's CEO. I've asked him if I can share it here.

@chadwhitacre
Contributor Author

Kudos to the Gratipay team for the Transparent Security blog posting. It should be essential reading for anyone doing bug bounty programs or vulnerability coordination. You don't know how proud we are to have you on the H1 platform!

@chadwhitacre
Contributor Author

Also some encouraging feedback on Twitter:

@whit537 Nice article about the @gratipay bounty program!

https://twitter.com/mrusschen/status/718485981075283971

Holy cow @gratipay, this is a goldmine of feedback. Great writeup!

https://twitter.com/Magoo/status/718487174350409728
