Senators grill Uber CISO over 2016 breach, extortion incident

Senators rebuked Uber on Tuesday during a Senate Commerce subcommittee hearing over the company’s handling of the data breach it disclosed in November 2017, with one lawmaker calling the company’s decision to wait a year before publicly disclosing it “morally wrong and legally reprehensible.” Uber’s actions “violated not only the law but the norm of what should be expected,” said Sen. Richard Blumenthal, D-Conn., the subcommittee’s ranking member. Uber revealed in November 2017 that it had paid $100,000 to delete data of 57 million users worldwide that was maliciously obtained by Florida-based hackers. The data included names, email addresses and phone numbers, and in some cases, encrypted passwords and driver’s license numbers. While Uber says that the hackers acted maliciously, the company paid them through HackerOne, which hosts Uber’s bug bounty program – a way for ethical hackers to receive payouts for informing companies about vulnerabilities. During the hearing, the lawmakers questioned Uber’s chief […]

The post Senators grill Uber CISO over 2016 breach, extortion incident appeared first on Cyberscoop.

DOJ examines controversial new ‘hack back’ bill

Washington is waiting and watching for the Department of Justice to weigh in on the newly introduced Active Cyber Defense Certainty (ACDC) Act, a controversial proposal to legalize companies’ ability to “hack back” after being targeted in cyberattacks. Speaking at CyberTalks in Washington, D.C., on Wednesday, DOJ special counsel Leonard Bailey said the department is still looking at the House bill, and he commended co-sponsors Tom Graves, R-Ga., and Kyrsten Sinema, D-Ariz., for taking a years-long discussion “and actually producing legislative text.” “We look forward to thinking about that and figuring out what that balance looks like,” Bailey said. The DOJ’s position on ACDC is crucial because the bill would amend the Computer Fraud and Abuse Act (CFAA) and would also require law enforcement oversight and reports to the government by “entities that use active-defense techniques,” Graves explained last week when the newest version of the bill was introduced. NSA Director Adm. Mike Rogers warned Congress in May […]

The post DOJ examines controversial new ‘hack back’ bill appeared first on Cyberscoop.

Average Bug Bounty Payments Growing

HackerOne released its first report on its bug bounty program, which reveals an industry shift toward enlisting hackers for better cybersecurity.