This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
FOSSA bug bounty program
- From: Florian Weimer <fw at deneb dot enyo dot de>
- To: libc-alpha at sourceware dot org
- Date: Mon, 31 Dec 2018 12:10:49 +0100
- Subject: FOSSA bug bounty program
glibc is listed as a participating project here:
<https://juliareda.eu/2018/12/eu-fossa-bug-bounties/>
Has anyone been in contact with them? How do they propose to deal
with their findings?
The default terms of the vulnerability sharing platform they chose are
incompatible with how we handle vulnerabilities, with collaboration on
patch development across multiple organizations and coordinated
disclosure for important vulnerabilities.