How much is a vulnerability worth?

As part of its crowdsourced security program, Zoom has recently increased the maximum payout for vulnerabilities to $50,000. Such figures make great headlines and attract new talent in search of the big bucks, but here is a question that begs to be ans…

The effectiveness of vulnerability disclosure and exploit development

New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible vulnerability disclosure and exploit development. The analysis of 473 publicly exploited…

Study of global hackers and the economics of security research

Human ingenuity supported by actionable intelligence were found to be critical ingredients to maintaining a resilient infrastructure, Bugcrowd reveals. In fact, 78% of hackers indicated AI-powered cybersecurity solutions alone aren’t enough to outmaneu…

BSidesSF 2020 – Maria Mora’s, Chloé Messdaghi’s, Jeff Boothby’s, Tanner Emek’s, Ben Sadeghipour’s ‘Panel: Let’s Get 360 w/Bug Bounty!’

The post BSidesSF 2020 – Maria Mora’s, Chloé Messdaghi’s, Jeff Boothby’s, Tanner Emek’s, Ben Sadeghipour’s ‘Panel: Let’s Get 360 w/Bug Bounty!’ appeared first on Security Boulevard.

Full-time bug hunting: Pros and cons of an emerging career

Being a bug hunter who discloses their discoveries to vendors (as opposed to selling the information to the highest bidder) has been and is an ambition of many ethical hackers. Before vendors started paying for the info, the best they could hope for wa…

Hacking has become a viable career, according to HackerOne

HackerOne announced findings from the 2020 Hacker Report, which reveals that the concept of hacking as a viable career has become a reality, with 18% describing themselves as full-time hackers, searching for vulnerabilities and making the internet safe…

Security BSides London 2019, Jamie O’Hare’s ‘Bug Bounties: Crowdsourcing Nosey Bastards’

Many thanks to Security BSides London for publishing their outstanding conference videos on YouTube.
The post Security BSides London 2019, Jamie O’Hare’s ‘Bug Bounties: Crowdsourcing Nosey Bastards’ appeared first on …

Microsoft sets up isolated environment for bug hunters to test attacks against Azure

Microsoft has some very good news for bug hunters: not only has the company doubled the top bounty reward for vulnerabilities discovered in its Azure cloud computing service, but has also created an isolated testing environment that will allow research…

Instagram 2FA Bypass, A Tale of Superlative Bug Hunting Skills & Indolent Multi-Factor Authentication

Via Tara Seals writing at the Threatpost Blog, detailing the highly competent bug hunting skill set of Laxman Muthiyah, examining – if you will – the lackadaisical 2FA data flow promulgated by Facebook, Inc. (Nasdaq: FB) on the company’s owned Instagr…