I don't know enough about security research. For a project like Node.js, does stopping bug bounties drastically impact anything?

On the face of it, no money means people may be less incentivised to help or report, which feels bad.

But Node.js is a massive concern, so is there enough goodwill and surface area that people will help and report anyway? Simply because big orgs rely on it?

https://nodejs.org/en/blog/announcements/discontinuing-security-bug-bounties

#Node #NodeJS #Security #SecurityResearch #BugBounty

Node.js — Security Bug Bounty Program Paused Due to Loss of Funding


@pixmo half of GOV.UK runs on Node and we’ve spent the last 9 months fighting npm worms. This isn’t good.