Security News

Watch directly on YouTube if the video won't play here. Click the on-screen Settings cog to speed up playback or show subtitles.

The skyrocketing OpenBugBounty project is the only non-for-profit vulnerability disclosure and Bug Bounty platform on our list. With over 1,200 active Bug Bounty programs, OpenBugBounty also permits coordinated disclosure of security issues on any website if the issue was detected by non-intrusive means.

Google this week said it paid out more than $6.7 million in rewards as part of its bug bounty programs in 2020. The total amount of bug bounty rewards increased only slightly compared to 2019, when the Internet search giant paid just over $6.5 million.

The U.S. government on Wednesday announced the launch of another bug bounty program conducted in collaboration with hacker-powered cybersecurity platform HackerOne. Hack the Army 3.0, whose goal is to help the U.S. Army secure its digital assets and protect its systems against cyberattacks, takes place between January 6 and February 17, and it's open to both millitary and civilian white hat hackers.

Offensive Security announced a new bounty program for user generated content. Members of the infosecurity community can now receive cash bounties for submitting vulnerable virtual machines to Offensive Security that are eligible to be incorporated into the Proving Grounds training labs.

The UK's Ministry of Defence has launched a bug bounty scheme, promising privateer pentesters they won't be prosecuted if they stick to the published script. The MoD has joined forces with bug bounty platform HackerOne, with the scheme seemingly being aimed at those who probe external web-facing parts of the ministry's sprawling digital estate.

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more but these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.

Bug bounty hunters have earned a total of more than $1.2 million over the weekend at the 2020 Tianfu Cup International PWN Contest, a major hacking competition that takes place every year in China. The winner was a team representing Chinese cybersecurity firm Qihoo 360, which earned over $740,000.

In a report published this week, HackerOne reveals that XSS flaws accounted for 18% of all reported issues, and that the bounties companies paid for these bugs went up 26% from last year, reaching $4.2 million. The second most awarded vulnerability type in 2020, HackerOne says, is Improper Access Control, which saw a 134% increase in occurrence compared to 2019, with a total of $4 million paid by companies in bug bounty rewards.

The vulnerability - which enables attackers to inject client-side scripts into web pages viewed by other users - earned hackers $4.2 million in total bug-bounty awards in the last year, a 26-percent increase from what was paid out in 2019 for finding XSS flaws, according to the report. In total, organizations paid ethical hackers $23.5 million in bug bounties for all of these flaws this year, according to HackerOne, which maintains a database of 200,000 vulnerabilities found by hackers.