The Drupal project has just announced a bug bounty program where they’re offering sums between $50-1000 USD for anyone who finds and reports a security issue with Drupal 8:
The security team is using monies from the D8 Accelerate fund to pay for valid security issues found in Drupal 8, from now until August 31, 2015 (open to extension). This program is open for participation by anyone.
One thing to note, they’re only looking for Drupal 8 issues here, not problems in past editions (I’m sure they’d still appreciate them being reported though). There’s some stipulations they list where the vulnerability doesn’t count including someone with Administer level access and several other very specific kinds…
원본 글 보기 942단어 남음