The European Parliament has approved budget for VLC bug bounty program

168 points by D3_4dl1N3, over 7 years ago

4 comments

barrkel, over 7 years ago
Is anyone else concerned at the perverse incentives created by bug bounties on open source software?

Monetizing bugs may end up encouraging the creation of insidious, underhanded bugs explicitly so that bounties can later be claimed by other parties supposedly at arm's length.
chasil, over 7 years ago
It would be nice if they also approved one for Android Stagefright.

All monthly Android security bulletins from this year have critical CVEs in the media system.

https://source.android.com/security/bulletin/
heavenlyblue, over 7 years ago
Why VLC?
gcbw2, over 7 years ago
What about this rationale:

> The purpose of the procedure is to provide the European institutions with open source software projects or libraries that have been properly screened for potential vulnerabilities;

I don't think bug bounty is a substitute for certification. And it benefits the most if it is a long-run with accumulating rewards.

Making it short term with only one payout will only attract people with automated tools for the initial period. Then code will get "certified" and forgotten. It all seems wrong. Hopefully it is just bad wording on the official PR.