9 Comments

  1. Lourenco lemos

    Congrats to Oliver and the whole team :)

  2. David Anderson

    “Patchstack Red Team, a community bug-hunting program that pays out monthly bounties, has reported 1,182 vulnerabilities from March through October. Bounty payouts have reached $9,150 thus far.”

    The average vulnerability report pays out $7.74 ??

    • Oliver Sild

      Hi David,

      Fair question.

      In reality, the payouts are not done per vulnerability. That’s because the plugin developers themselves don’t pay for bounties (as many are completely open-source without cashflow). Instead, we have a monthly prize-pool which we pay out every single month (you can take it as a fund, which we put together with our partners) to those devs/ethical hackers who give back to the ecosystem and help identify security vulnerabilities in plugins and themes.

  3. Jorcus

    That’s great! I have been using their WAF for many years and I am very satisfied. They are by far the most active red team I have seen in the WordPress ecosystem.

  4. Daniel Scott

    “has reported 1,182 vulnerabilities from March through October”

    Reported, but how many are actually valid? Big difference. Reports are useless unless they’re valid.
