Magento split up the Bug Bounty Program of Ebay - Begin 1st May!

Magento split up the Bug Bounty Program of Ebay - Begin 1st May

Today in the morning we received a mail message by the representatives of the magento bug bounty program.

The mail is send to all active security researchers in the official ebay inc and magento bug bounty program.

In the message the magento team announces that the active researchers should send the new reports (begin 1st may) to the official magento bug bounty source. Reason for that is a cooperative split of both programs.

"Hello Magento Researchers, beginning on May 1, Magento submissions should be directed to security@magento.com . For messages with sensitive content, please encrypt your email with our encryption key which can be found on the security center page, https://magento.com/security.”

Please recognize to send all the new reports to the real magento source. Otherwise it could happen that the issue of a researcher is called invalid because of the wrong contact source. We already had knowledge about that this case could happen in 2015 after some time because ebay inc and paypal inc split there programs too. Reason is that both parties are moving forward to the stock-market in 2015. Researchers are not affected by the change of source.

Note: Do not forget to encrypt your mail communication with the source because paypal and ebay provided a secure email service that is not provided by magento.

Reference(s):

https://magento.com/security  (security@magento.com)