Re: The Internet Bug Bounty: Data Processing (hackerone.com)

[Qhdwns123 <qhdwns123 () protonmail com>]

Hello,

I think this project is a good idea.

However, there is a difficulty.

Most of the bugs reported are only PoC files and ASan logs.

Because it takes a lot of analysis time to analyze the bugs and make the RCE (Exploit).

As a result, other bugs are delayed.

Thanks.

> -------- Original Message --------
> Subject: Re: [oss-security] The Internet Bug Bounty: Data Processing (hackerone.com)
> Local Time: October 9, 2017 5:04 PM
> UTC Time: October 9, 2017 8:04 AM
> From: reed () reedloden com
> To: oss-security () lists openwall com
>
> On Sun, Oct 8, 2017 at 11:24 PM Michael Niedermayer michael () niedermayer cc
> wrote:
>
> > > We’d love to have FFmpeg in-scope, but the simple reason is that they
> > > don’t
> > > reply to our e-mails. All projects participating must explicitly opt-in,
> > > and we can’t get anybody at FFmpeg to let us know their thoughts on if
> > > they
> > > would like to be added or not.
> >
> > Your mails where misidentified as spam on my side at least, and while
> > i admit i saw them and wanted to reply later i forgot and somehow
> > apparently everyone else forgot to reply too.
> > Finally replied and yes of course FFmpeg wants to participate
>
> Awesome! Thanks for getting back to us.
>
> We've added FFmpeg to the scope at the bottom of
> https://hackerone.com/ibb-data.
>
> Happy hacking,
> ~reed
> (for the IBB)