Security Reporter Appreciation (Bug Bounty Program)

Idea Submitted by: Oliver Hader

What is your idea about?

Start a security bug bounty program on available platforms (like HackerOne) in order to motivate security researchers to focus on TYPO3. In case reports get confirmed by the TYPO3 security team, reporters shall receive some appreciation - either money or TYPO3 swag (shirts, cups, ...).

What is the potential impact of your idea?

Motivate (external) security researchers to work with TYPO3, analyse and report potential security flaws and vulnerabilities.

Approximate Funds needed

€10,000 - €25,000

Comment of the TYPO3 Association Budget Committee

The Budget Committee supports the idea. It should get restricted to Core and FriendOfTYPO3 Extensions (and/or most used extensions) for the beginning.

Feedback

Please use the commenting section below and provide us your feedback for that idea.