
SoylentNews is people


EFF Launches Security Vulnerability Disclosure Program for "Let's Encrypt", "HTTPS Everywhere", Etc.

Accepted submission by takyon at 2015-12-04 05:11:35
Security

The Electronic Frontier Foundation has announced a Security Vulnerability Disclosure Program [eff.org] to deal with bugs in both its recent major projects and the software the organization uses:

At EFF we put security and privacy first. This means working hard at keeping our members and site visitors safe, as well as the people who use the software we develop. We also dedicate staff time to advising security researchers, maintaining resources like our Coders' Rights Project [eff.org], and helping groups like Facebook [eff.org] improve their bug reporting policies.

Today we're following our own advice by announcing EFF's own Security Vulnerability Disclosure Program [eff.org]. The Disclosure Program is a set of guidelines on how to report bugs in software EFF develops, like HTTPS Everywhere [github.com] or Let's Encrypt [github.com], as well as the software we use to run our sites and services. The scope of the bugs we're looking for is detailed on the Security Vulnerability Disclosure Program page [eff.org], but we're not just looking for bugs in our code. Security vulnerabilities created by the specific configuration of software on EFF servers are also within the scope of this program.

Forget about cash bounties. You're looking at acknowledgment, t-shirts, complimentary EFF memberships, opportunities to meet EFF staff (based in San Francisco), and "complimentary tickets to EFF events like the Pioneer Awards [eff.org] for especially severe vulnerabilities."

