Bug Bounty Programs and Funding for Programs/bugs
-
I have seen in several threads and on the Q&A that some people have looked into bug bounty programs. I wanted to start a thread to get the community talking about it, and search for a solution. What challenges do we face with taxes? What is a way we can pay for bugs to be fixed by people outside the community? Maybe it can bring people to the community. What programs are easy to use? What features do we need and are looking for?
I had a simple idea for a bug bounty program, and that is to use a crowdfunding campaign for the bug. When the bug is fixed, 75% would go to the team/individual who fixed the bug/application request, 15% would go to the UT team to help support the project and time spent maintaining, and the rest would go to the platform fees and misc.
This would allow the community to decide how much a bug is worth. The only issue I see is if there are multiple teams working on the same project, there would be fierce competition to get your fix in first. Then if there is a tie, who wins the better secure code? This could lead to infighting... We would need a way to delegate bugs.
I put this in Support, because I want the community's support in finding a solution and support for an ad hoc bug bounty at the moment.
-
@trwidick
That could be some temporary solution, but I don't think it is good for the long term, because uTouch doesn't need people coming for money, but for the sake of the OS; money must come after.
@keneda Well, I don't know if you noticed, but there is a lack of developers. We need all hands on deck. I, like other users, lack the programming skills, but we are willing to support the UT development financially. Anbox was an example that it can be done.
-
@c0n57an71n Please read my post again, as you may have misunderstood my point.
Plus I'm more than willing to give money to UBports, and already did.
-
@keneda My point is we can draw in developers by crowdfunding and bug bounties. It would be nice for devs to make a little side cash for work. Open source is free speech, not free beer. I think we should buy our devs beer, and a bug bounty, as thousands of companies have, would expose UT to hundreds of devs, and more work could be done, allowing our main devs to stay focused on the large projects and have a day or two off. Think of all the side projects they can't get to because they are overloaded with the new port to 20.04... AGPS, MMS issues, the list goes on. I do support via Patreon already, but I think it would help to 1. Give appreciation to the dev who solves the issue. 2. Free up more time of the main devs. 3. Expose UT to a large group of highly skilled ethical hackers/coders/devs. 4. Maybe speed up the development of UT in a controlled fashion without moving to paid or proprietary software.
Everything has motivation behind it. We should add some motivation. Ask any person on the street why should they code for UT? Find me reasons.
P.S. It's the third/fourth of July. Sorry for the typos and bad speech.
-
@trwidick said in Bug Bounty Programs and Funding for Programs/bugs:
75% would go to the team/individual
15% would go to the UT team
the rest for the platform fees and misc.
Do we know for certain the platform fees are 10%? What would "misc" be? What if the fees are higher?
And if this is crowdfunded, what is it crowdfunding for, and why aren't those people already donating that same amount of funds to UBports Foundation already?
-
@dobey This was an idea. I saw 4 different platforms with fees totalling 10%. This is a debate, nothing is set in stone, this is an idea able to change on a whim. This would be to fix issues the main devs do not have time for. UBports, I think, pays the main devs, not freelancers, as far as I'm aware. My idea also would give more to the UT devs.
The crowdfunding would be for each bug or issue. Maybe AGPS will have a pot of $150 for the person or team who implements it.
Do you have suggestions?
Like a platform, reasons against, reasons for?
There is crowdfunding and bug bounties, two different things. I was just trying to start a conversation on them. Trying to figure out what would work, and drive the community.
-
@trwidick Doing AGPS is a big job. Say it takes a few months and a single developer was capable of doing it in that time (might be even bigger, but for this idea let's just say they implement something already available), so a 2 month job is at the very least a $10,000+ type of thing. Throwing $100 at various problems might sound OK but is nothing unless the developer is already doing these things for free. Developers that are working for free just work on things that motivate them.