This Crowdtilt will fund a focussed crowdsourced security assessment (otherwise
known as a bug bounty) on OpenSSL.
...
Security crowdsourcing company Bugcrowd will organize a “sprint bounty;”
coordinating and incentivising the security research community to thoroughly
test OpenSSL for potential security concerns.
I'm a little worried this is just a PR move for Bugcrowd, but it might be genuinely useful in producing a bunch of bug reports for holes not discovered yet.
(Having said that, if you're a blackhat the amount you'd get selling or using anything you found would eclipse whatever Bugcrowd would pay you... But that'd happen regardless if this ran or not.)