mozilla/foundation-security-advisories

Migrate Pocket's bug bounty program to Mozilla

bhourigan opened this issue · 5 comments

Pocket independently operates their own bounty program through HackerOne. Let's get this under Mozilla's program and classify Pocket's web properties.

It's been requested that Pocket's HoF list be maintained somehow throughout this migration.

april commented

I can do this! Is my understanding that you want getpocket.com to be listed under the Core section of eligible bug bounty websites?

That's correct. I'd also like to maintain the Pocket HoF list to whatever extent is possible.

https://help.getpocket.com/article/870-pocket-security-overview

april commented

Do you want to merge it into the Mozilla Web Hall of Fame? Or leave it as is? For ease of maintenance, I'd prefer not to maintain a separate Pocket list going forward.

If it's easier for you we can maintain our own HoF for historical purposes. New submissions would be on Mozilla's page.

april commented

It's up to you! The actual client and web bug bounty lists are maintained in this repository:

https://github.com/mozilla/foundation-security-advisories/tree/master/bug-bounty-hof

So if you're up for migrating it, I'd be happy to approve the PR. Otherwise just leaving the historical one as-is sounds like a solid plan.