Articles about bug bounties


No, I'm not surfing smut. I'm trying to score a bug bounty from P0rnhub

The world's most popular porn site PornHub has launched a somewhat restrictive security bug bounty. The site draws an eye-watering 60 million visitors a day and has been subject to breaches mainly limited to malvertising attacks, which would generally not be uncovered by bug bounties. PornHub is running its bug bounty on the …
Darren Pauli, 11 May 2016

BugCrowd's $15m fund win shows Oz infosec can score Series B: CEO

Bugcrowd chief executive officer Casey Ellis says its recent win of $15m in Series B investment is a signal that Australian startups can score big. The funding round is led by Blackbird Ventures with participants Rally Ventures, Costanoa Venture Capital and Paladin Capital Group, along with Industry Ventures and Salesforce …
Darren Pauli, 27 Apr 2016

MIT launches campus lunch bug bounty

The Massachusetts Institute of Technology has joined the growing number of large organisations and agencies to offer a bug bounty. The program is in an experimental phase and is open to current MIT students and affiliates, and includes a limited number of domains. Those submitting severe bugs will have money dropped into MIT …
Darren Pauli, 26 Apr 2016

Logging on to United's frequent flyer site might take longer than a flight

United Airlines has renovated the security on its frequent flyer scheme "MileagePlus" by requiring users to answer one of five security questions and enter a password when they log on. The airline sent emails to customers requesting they update their security from weak, short PINs to complex passwords. The new codes require …
Team Register, 21 Apr 2016

Microsoft account-hijacking hole closed 48 hours after bug report

British researcher Jack Whitton has reported a Microsoft account hijacking authentication bug that would have been another arrow in an attacker's phishing quiver, save for the fact that Microsoft fixed it. Whitton quietly reported the flaw to Microsoft which pounced and took only two days to process and patch the flaw. The …
Team Register, 5 Apr 2016

Hack the planet, er, Pentagon: US Dept of Defense puts bounties on bugs

The Pentagon will next month launch the US government's first bug bounty program encouraging hackers to break into its websites, in what could lead to a broader invitation to hack state assets for cash. Details on the cash rewards offered under the 'Hack the Pentagon' program have not yet been released. It will use "commercial …
Darren Pauli, 3 Mar 2016

Bug bounty hunters score big dollars and the boom's only just begun

Feature Nathaniel Wakelam made US$250,000 last year in his second job: finding and reporting bugs to bug bounty programs. Wakelam's a 20-year-old high school and university drop-out who has become something of a poster boy for the bug bounty boom, a movement that sees the world's biggest companies pay guys like him tens of thousands …
Darren Pauli, 22 Feb 2016

Facebook has paid $4.3m to bug-hunters since 2011

Facebook security engineer Reginaldo Silva says Menlo Park has paid out $4.3m (£3.8m, A$6m) for more than 2,400 vulnerability reports submitted since its bug bounty began in 2011. The payments made under one of the world's most popular bug bounty programmes were sent to more than 800 researchers who sent in a variety of cross- …
Darren Pauli, 15 Feb 2016

GitHub fixes 102 flaws, pays out $95k under bug bounty program

GitHub says it has paid out US$95,300 over two years under its bug bounty program. The payouts cover 102 medium to high-severity vulnerabilities reported by 58 researchers. These gems were pruned from some 1,172 bug reports that warranted an inspection by GitHub security bods, the rest of which didn't rate a pay-out. The …
Darren Pauli, 9 Feb 2016

Bounty hunters won't blink until you dangle US$1500 bug reward

Organisations that aspire to operate bug bounty programs should be prepared to pay at least $1500 for impactful vulnerability reports, according to Bugcrowd. A document and questionnaire published today by the managed bug bounty platform offers businesses the ability to pair their current security postures, revenue, and staff …
Darren Pauli, 22 Jan 2016

General Motors turns key on bug bounty program

General Motors (GM) has opened a bug bounty program to allow hackers to report vulnerabilities in its vehicles. Vulnerability reporting guidelines are stringent; GM agrees not to "pursue claims" against researchers if bug hunters do not harm or violate the privacy of GM or its customers, drop a zero day, or breach criminal law …
Team Register, 11 Jan 2016

Bash, smash, trash Flash – earn $100k cash

Hackers can score US$100,000 from exploit arbitrage outfit Zerodium if they bypass Adobe's latest Flash heap isolation defence. Hackers will have to craft an exploit that escapes the sandbox to hit the jackpot, because that's more complex than a non-sandbox break which attracts a $65,000 reward. It comes less than a month …
Darren Pauli, 6 Jan 2016

Tor launches invite-only exploit bug bounty

Tor will this year investigate an exploit bug bounty paying researchers cash for flaws, lead developer Mike Perry says. The HackerOne invite-only scheme is expected to be opened to the public after Tor finds its feet handling disclosures. Bug bounties are a booming initiative under which tens of thousands of dollars are being …
Darren Pauli, 5 Jan 2016

US Army bug hunters in 'state of fear' that sees flaws go unreported

The US Army has gaping holes in its information security infrastructure and operates an environment of vulnerability reporting fear, according to current and former members of the department's cyber wing. Captain Michael Weigand and Captain Rock Stevens make the comments in an academic piece on the Cyber Defense Review, a …
Darren Pauli, 27 Oct 2015

Oracle pulls CSO's BONKERS anti-bug bounty and infosec rant

Updated While other IT industry heavyweights have embraced bug bounties and working with security researchers more generally, Oracle has set its face in the opposite direction in a blog post likening reverse engineering to cheating on your spouse. Mary Ann Davidson, Oracle's chief security officer (CSO), expressed corporate dislike …
John Leyden, 11 Aug 2015

United Airlines bug bounty shells out 1.8M miles for three flaws

United Airlines has paid 1.5 million flight miles to two bug hunters who squelched 14 vulnerabilities under its newly hatched bug bounty program. Florida man Jordan Wiens reported two remote code execution bugs to the airline but could not detail the technical aspects given the program's non-disclosure agreement. The program …
Darren Pauli, 16 Jul 2015

XSSposed launches pay-whatever bug bounty

Cross-site scripting war board XSSposed has opened a pay-whatever bug bounty to help its hackers earn cash and tee-shirts. Launched overnight, the program lets anyone register their interest in hearing about vulnerabilities for any web property. They then have the opportunity to pay researchers for the finding. Admins who …
Darren Pauli, 7 Jul 2015

Redmond: IE Win 8.1 defence destroying hack ain't worth patch, natch

HP security research bod Dustin Childs says the company couldn't get Microsoft to patch an IE exploit, so it's gone public. Childs says the Address Space Layout Randomisation (ASLR) hole affects millions of 32-bit systems and should have been patched. He says his former paymasters at Redmond did not consider the bug 'worth it …
Darren Pauli, 23 Jun 2015


Biting the hand that feeds IT © 1998–2018