Minutes from meeting with BugCrowd

13 August sync up

Quiet start (after the 4 August launch), but we got our first vulnerability report in today (in Triage; looks valid).

25 initial invites.
A further 50 sent out on Tuesday.

23 accepted so far.
Accepting means they intend to test, but how much they do and how quickly can vary.
If we want to monitor this, the best option is to watch the access logs on our own test systems; Bugcrowd only has information on how many vulnerabilities are found.
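One way to get that signal from our own side, as an added example and not something from the meeting or from Bugcrowd's tooling: a small Python script that reads access logs from the test systems in the common Apache/nginx combined log format and reports, per day, how many distinct client IPs hit the system, how many requests they made, and how many responses were 4xx/5xx (a rough indicator of probing). The log lines below are constructed for illustration, using documentation IP ranges, and are not real tester traffic.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in combined log format (illustrative only; RFC 5737
# documentation addresses, not real tester traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [13/Aug/2020:09:12:01 +0000] "GET /api/v1/status HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [13/Aug/2020:09:12:03 +0000] "GET /api/v1/users?id=1' HTTP/1.1" 500 87 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Aug/2020:11:40:15 +0000] "POST /api/v1/login HTTP/1.1" 401 34 "-" "python-requests/2.24"
198.51.100.7 - - [14/Aug/2020:08:01:00 +0000] "GET /.git/config HTTP/1.1" 404 0 "-" "python-requests/2.24"
192.0.2.55 - - [14/Aug/2020:15:22:47 +0000] "GET /api/v1/status HTTP/1.1" 200 512 "-" "curl/7.68.0"
"""

# Combined log format: ip ident user [timestamp] "method path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<ref>[^"]*)" "(?P<ua>[^"]*)")?'
)


def parse_line(line):
    """Parse one access-log line into a dict; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "day": ts.date().isoformat(),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
        "ua": m.group("ua") or "",
    }


def engagement_report(lines):
    """Per day: distinct client IPs (rough proxy for active testers), total
    requests, and responses with status >= 400."""
    days = defaultdict(lambda: {"clients": set(), "requests": 0, "errors": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        d = days[rec["day"]]
        d["clients"].add(rec["ip"])
        d["requests"] += 1
        if rec["status"] >= 400:
            d["errors"] += 1
    return {
        day: {"clients": len(v["clients"]), "requests": v["requests"], "errors": v["errors"]}
        for day, v in sorted(days.items())
    }


def requests_per_client(lines):
    """Requests per client IP, so the most active sources can be seen at a glance."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            counts[rec["ip"]] += 1
    return counts


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for day, stats in engagement_report(lines).items():
        print(f"{day}: {stats['clients']} distinct clients, "
              f"{stats['requests']} requests, {stats['errors']} 4xx/5xx")
    for ip, n in requests_per_client(lines).most_common():
        print(f"  {ip}: {n} requests")
```

Distinct IPs are only a proxy: testers behind shared NAT or VPN exits collapse into one address and a single tester can appear as several, so treat the trend over days as the useful number rather than the absolute count.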

  • Various levels of openness of project:

    • Small private

    • Large private --> we are here right now

    • Joinable on request

    • Public --> typical end goal, but we don't want to move too fast and risk getting overwhelmed.

We now have some top 20 testers, including the #1 on every bug bounty platform. Recommend we give it another week before adding more, or we'd be at risk of being overwhelmed.

We want to get GAEN going soon. PathCheck to define a solution for how testers can access this (through a HD partner).

Suggestion: set up GAEN as a separate project, with separate controls. We all agreed this would work best, and Michael even suggested we could run this second program for a full 90 days, which would be great.

Next checkpoint in two weeks' time. We will probably have handed off program ownership to a new test lead by then; details to follow.

Pushing new releases