Let’s make ransomware MORE illegal, says Maryland
… with a clumsily worded proposed bill that wouldn’t protect researchers.

Google’s Project Zero highlights patch quality with policy tweak
Google’s Project Zero bug-hunting team has tweaked its 90-day responsible disclosure policy to help improve the quality and adoption of vendor patches.

HackerOne pays $20,000 bounty after breach of own systems
In an embarrassing twist, bug bounty platform HackerOne has paid a $20,000 reward to a researcher who reported a security flaw inadvertently caused by one of its staff during… a bug submission.

Uncle Sam opens arms to friendly hackers
All you bug hunters out there are about to get a nice Christmas gift – the US federal government finally wants to hear from you.

How the Linux kernel balances the risks of public bug disclosure
A serious Wi-Fi flaw shows how Linux handles security in plain sight.

Google paid out $3.4m in bug bounties last year
317 researchers from 78 countries turned 2018 into a worldwide bug-crunching spree.

Google+ to power down early after second security hole found
Google has disclosed the second security hole in its Google+ social network in three months.

Hacker says USPS ignored serious security flaw for over a year
A security researcher claims the US Postal Service ignored a security flaw affecting 60 million users, until it was contacted by a journalist.

How a cryptocurrency-destroying bug almost didn’t get reported
A researcher recently revealed how he found a bug that could have brought the fourth largest cryptocurrency to its knees – and how he was almost unable to report it.

Dropbox updated its vulnerability disclosure policy Wednesday, not only looking to clarify its relationship with cybersecurity researchers, but also attempting to set a standard for the rest of the tech industry. The San Francisco file-hosting company said the move is a response to “decades of abuse, threats, and bullying” against researchers who find and describe bugs in commercial software.

Lawsuits are common, and journalists as well as traditional researchers can be caught up in fights over vulnerability disclosures. The highest-profile ongoing lawsuit is Keeper Security’s defamation suit against Ars Technica journalist Dan Goodin about an article that described flaws in Keeper’s password manager.

Dropbox’s new policy — which the company invited others in the industry to use as a template — was updated with the following elements:
- A clear statement that external security research is welcomed.
- A pledge to not initiate legal action for security research conducted pursuant to the policy, including good faith, […]
The post Dropbox revamps vulnerability disclosure policy, with hopes that other companies follow suit appeared first on Cyberscoop.