Google Offers Bug Bounties for Generative AI Security Vulnerabilities

Google’s Vulnerability Reward Program offers up to $31,337 for discovering potential hazards. Google joins OpenAI and Microsoft in rewarding AI bug hunts.

Google throws bug bounty bucks at mega-popular third-party apps

If an app has more than 100 million installs, Google will pay for bugs, even if the app makers already have their own bounty programs.

More than 2m AT&T phones illegally unlocked by bribed insiders

The alleged, now indicted ringleader paid more than $1m in bribes to insiders who planted malware and hardware for remote unlocking.

Why bug bounty firms want to be penetration testing companies

A popular form of crowdsourcing might have a problem with the size of its crowd. Most of the high-value digital security vulnerabilities reported to bug-bounty programs are found by just a fraction of the freelance researchers who participate in those contests, recent reports show, suggesting that there are not enough skilled bounty hunters to handle the available work. The trend has big implications for an industry that has come to expect regular growth over the past half-decade. For the companies, it means their customers — corporations such as Fiat Chrysler, LinkedIn, Starbucks and others — are paying to hear about lots of low-severity bugs while more critical problems potentially remain undiscovered. The latest numbers come from the 2019 Hacker Report by HackerOne, one of the leading bug bounty platforms along with Bugcrowd and Synack. Seventy-two percent of the hackers polled by HackerOne said they preferred to probe for vulnerabilities in websites. Compare that to the 3.5 percent who […]

The post Why bug bounty firms want to be penetration testing companies appeared first on CyberScoop.
