mozilla / foundation-security-advisories

Canonical source for Mozilla Foundation Security Advisories. http://www.mozilla.org/security/announce/
Mozilla Public License 2.0

Migrate Pocket's bug bounty program to Mozilla #22

Open bhourigan opened 6 years ago

bhourigan commented 6 years ago

Pocket independently operates their own bounty program through HackerOne. Let's get this under Mozilla's program and classify Pocket's web properties.

It's been requested that Pocket's HoF list be maintained somehow throughout this migration.

april commented 6 years ago

I can do this! Is my understanding that you want getpocket.com to be listed under the Core section of eligible bug bounty websites?

bhourigan commented 6 years ago

That's correct. I'd also like to maintain the Pocket HoF list to whatever extent is possible.

https://help.getpocket.com/article/870-pocket-security-overview

april commented 6 years ago

Do you want to merge it into the Mozilla Web Hall of Fame? Or leave it as is? For ease of maintenance, I'd prefer not to maintain a separate Pocket list going forward.

bhourigan commented 6 years ago

If it's easier for you we can maintain our own HoF for historical purposes. New submissions would be on Mozilla's page.

april commented 6 years ago

It's up to you! The actual client and web bug bounty lists are maintained in this repository:

https://github.com/mozilla/foundation-security-advisories/tree/master/bug-bounty-hof

So if you're up for migrating it, I'd be happy to approve the PR. Otherwise just leaving the historical one as-is sounds like a solid plan.