Some hackers are very active and report a lot of valuable vulnerabilities to the third party triage team.
I wonder if there could be a good way to give them more credit that only mentioning them as the authors of the vuln.
I wonder if there could be a good way to give them more credit that only mentioning them as the authors of the vuln.
Oh, I am pretty sure there are a lot of good ways! 馃槃
Oh definitely @vdeturckheim, I think that's a great topic to bring up and also aligns well with our evangelism activities.
Some ideas for things we can do/doing so far:
@bl4de would be great to hear some input from you as well.
I really like ideas listed in @lirantal comment (especially 3. and 4.)
As an addition to this, I think some kind of swag would be appreciated. Node and npm stickers, t-shirts, maybe some books about Node and its ecosystem.
What do you think?
@bl4de I think the Swag idea is good too but it relates into recognition rather than acknowledgement and visibly crediting work.
Swag might be another way for us to promote awareness and recognize both hackers as well as WG members too.
+1 to the suggestions in https://github.com/nodejs/security-wg/issues/293#issuecomment-393948318
Note there's a hall of fame ("thanks") page at https://hackerone.com/nodejs/thanks and https://hackerone.com/nodejs-ecosystem/thanks that tracks researchers who have submitted valid reports.
For what it's worth, I think there's probably a pretty good opportunity for us to tie this into the work the Website Redesign is doing. We've been considering a Thanks page for various reasons, and this may be another interesting and positive use case that breaks the mold that we were originally thinking of it in.
cc @nodejs/website-redesign
Love this idea. Can someone open this as an issue in the website redesign repo?
@amiller-gh sure thing: https://github.com/nodejs/website-redesign/issues/59
Closing in favor of #362
Most helpful comment
@amiller-gh sure thing: https://github.com/nodejs/website-redesign/issues/59