Security-wg: Acknowledging most active hackers for ecosystem

Created on 1 Jun 2018 · 10 Comments · Source: nodejs/security-wg

Some hackers are very active and report a lot of valuable vulnerabilities to the third party triage team.

I wonder if there could be a good way to give them more credit than only mentioning them as the authors of the vuln.

security-wg-agenda

All 10 comments

I wonder if there could be a good way to give them more credit than only mentioning them as the authors of the vuln.

Oh, I am pretty sure there are a lot of good ways! 😄

Oh definitely @vdeturckheim, I think that's a great topic to bring up and also aligns well with our evangelism activities.

Some ideas for things we can do/doing so far:

  1. Twitter - Mention authors on social media when public disclosures are made. This one we're doing but not automatically and I have personally neglected following up on it due to the manual process it requires.
  2. Maintaining a Hackers Board kind of README in this repo where we will list hackers and their contribution. We can link to it from the main README repos for visibility. This is already largely visible on the HackerOne platform as well and we can probably just integrate with the stats there.
  3. Evangelism - Connecting it back to our evangelism efforts to raise awareness in the community we can invite them for webinars, podcasts, or even written interview posts and share this on social media. This is where we can give them more spotlight and share insights and feedback that comes from them.
  4. Monthly or Quarterly Spotlight - a regular post from the WG that will list all the vulnerabilities that have been disclosed in that period of time (maybe the more interesting items), and can also discuss the actual vulnerability trends etc, as well as include a hacker spotlight where we can again feature an active hacker in our community, or share the leaderboard.

@bl4de would be great to hear some input from you as well.

I really like ideas listed in @lirantal comment (especially 3. and 4.)

As an addition to this, I think some kind of swag would be appreciated. Node and npm stickers, t-shirts, maybe some books about Node and its ecosystem.

What do you think?

@bl4de I think the Swag idea is good too but it relates to recognition rather than acknowledgement and visibly crediting work.

Swag might be another way for us to promote awareness and recognize both hackers as well as WG members too.

Note there's a hall of fame ("thanks") page at https://hackerone.com/nodejs/thanks and https://hackerone.com/nodejs-ecosystem/thanks that tracks researchers who have submitted valid reports.

For what it's worth, I think there's probably a pretty good opportunity for us to tie this into the work the Website Redesign is doing. We've been considering a Thanks page for various reasons, and this may be another interesting and positive use case that breaks the mold that we were originally thinking of it in.

cc @nodejs/website-redesign

Love this idea. Can someone open this as an issue in the website redesign repo?

Closing in favor of #362
