Security News

The 10 vulnerabilities most commonly discovered by bug bounty hunters in 2020
2020-10-29 13:00

HackerOne's list was topped by cross-site scripting, and found improper access control and SSRF vulnerabilities to be climbing in number and risk potential. Bug bounty platform HackerOne has released its list of the most commonly discovered security vulnerabilities for 2020, with the 10 vulnerabilities listed accounting for $23.5 million in payouts to white hat hackers hunting down bugs and reporting them on its platform.

How the Pandemic is Reshaping the Bug-Bounty Landscape
2020-10-28 17:23

I think, you've seen kind of how bounty programs specifically have shifted over the past decade or so, are you finding that companies are becoming more open to launching bug bounty programs? To your point about the the current ongoing pandemic, I know that that has had several impacts across the board, but specifically as it relates to bug bounty, like, I know that like Zoom, having kind of that influx in its user base, was looking to what their own bug bounty program and how they could improve that to kind of keep up with the the vulnerabilities that were being processed there.

Bug bounty reporter cashes out on someone else's exploit
2020-10-19 09:39

Last year, HackerOne had paid over $62 million in bug bounty rewards, with the figure surpassing $100 million this year according to the platform's latest report. Over the weekend, security professional Guido Vranken alleged that a vulnerability reported to Monero's bug bounty program run by HackerOne was a verbatim copy of his previously discovered exploit.

TikTok Launches Public Bug Bounty Program
2020-10-16 18:16

TikTok announced this week that it has launched a public bug bounty program in collaboration with HackerOne. It's not uncommon for security researchers to find vulnerabilities in the TikTok app.

TikTok Launches Bug Bounty Program Amid Security SNAFUs
2020-10-16 13:26

TikTok has expanded its vulnerability disclosure policy to include a global bug-bounty program through a partnership with the ethical hacker platform HackerOne. Hackers who find critical vulnerabilities in TikTok's platform can receive between $6,900 to $14,800 according to the program, which marks the first time TikTok has invited the public security community to analyze its platform for vulnerabilities.

Facebook Announces Bug Bounty Loyalty Program, Streamlined Bug Triage
2020-10-12 18:27

Facebook has announced a series of updates for its bug bounty program, including bonus rewards for engaged researchers, as well as a faster bug triage process. The social media platform announced that it streamlined the triage of security vulnerabilities reported through its bug bounty program, to increase efficiency and lower response timeframe.

Facebook Debuts Bug-Bounty ‘Loyalty Program’
2020-10-09 14:50

Facebook has lifted the curtain on what it claims is an industry first: A loyalty program as part of its bug-bounty offering, which aims to further incentivize researchers to find vulnerabilities in its platform. The loyalty program, called "Hacker Plus," offers bonuses on top of bounty awards, access to more products and features that researchers can stress-test, and invites to Facebook annual events.

Want to set up a successful bug bounty? Make sure you write it for the flaw finders and not the lawyers
2020-10-08 22:40

If you're designing a security bug bounty for your organization's products, by all means get the lawyers to take a look, but keep their hands off the keyboard. Chloé Messdaghi, veep of strategy at infosec training firm Point3, said she's encountered bounty programs that look more like they're intended for the legal team than the security community.

Grindr’s Bug Bounty Pledge Doesn’t Translate to Security
2020-10-06 19:44

Grindr isn't alone - many companies are looking to adopt, or have already adopted, bug-bounty programs or vulnerability-disclosure programs. It's important to distinguish the two: A bug-bounty program offers cash rewards for finding flaws, while a VDP covers when a vulnerability is reported by a third party to an organization.

HP expands its Bug Bounty Program to focus on office-class print cartridge security vulnerabilities
2020-10-02 03:30

HP has expanded its Bug Bounty Program to focus specifically on office-class print cartridge security vulnerabilities. As part of this program, HP has engaged with Bugcrowd to conduct a three-month program in which four professional white hat hackers have been challenged to identify vulnerabilities in HP Original print cartridges.