Security News

Zoom continues its catch-up security sprint with new training, bug bounty tweaks and promise of crypto playbook
2020-05-21 06:02

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more than these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductor, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.

Login with Facebook Bug Earns $20K Bounty
2020-05-14 12:17

Facebook has awarded a security researcher $20,000 for discovering a cross-site scripting vulnerability in the Facebook Login SDK, which is used by developers to add a "Continue with Facebook" button to a page as an authentication method. The researcher discovered the issue in the Facebook Login SDK for JavaScript.

Microsoft opens IoT bug bounty program
2020-05-11 09:27

The company has launched a $100,000 bug bounty for people who can break into Azure Sphere, its security system for IoT devices. The latest, the Sphere Security Research Challenge, lets bug hunters talk directly to Microsoft's technical team as they try to break into Sphere.

Microsoft announces limited Azure Sphere bug bounty program
2020-05-06 08:37

Microsoft has announced a new security research / bug bounty program aimed at testing and improving the security of Azure Sphere, its comprehensive IoT security solution. Through the Azure Sphere Security Service, the MCU can securely connect to the cloud and web, and the service makes sure that the booted software is genuine and that OS security updates are downloaded and installed securely and automatically.

Critical GitLab Flaw Earns Bounty Hunter $20K
2020-04-29 16:39

A critical GitLab vulnerability, which could be leveraged by a remote attacker to execute code, recently netted a researcher a $20,000 bug-bounty award. The flaw was reported to GitLab by software developer William Bowling via the HackerOne bug bounty platform on March 23.

Zoom Revamps Bug Bounty Program
2020-04-16 14:25

Zoom announced on Wednesday that it has teamed up with Katie Moussouris' company, Luta Security, to revamp its bug bounty program. Zoom announced on April 1 that it would be making significant changes to its bug bounty program, after experts raised concerns about Zoom security and researchers reported finding potentially serious vulnerabilities in the video conferencing service.

Tencent Ups Top Bug-Bounty Award to $15K
2020-04-15 16:17

The Tencent Security Response Center is launching an expanded bug-bounty program, via the HackerOne white-hat platform - and the company has increased its top reward to $15,000. Tencent, a China-based global internet service provider, is opening up its existing bug-bounty program to HackerOne's community of 600,000+ bug hunters, to widen the company's vulnerability reporting and technical sharing efforts, it said in a launch notice on Tuesday.

Tencent Partners With HackerOne for Bug Bounty Program
2020-04-15 04:20

HackerOne announced on Tuesday that the bug bounty program of Chinese technology giant Tencent is now accessible through its platform. More than 600,000 hackers registered on HackerOne can join Tencent's bug bounty program to hunt for vulnerabilities in the company's products.

Bug Bounty Programs Are Being Used to Buy Silence
2020-04-03 11:21

Used properly, bug bounty platforms connect security researchers with organizations wanting extra scrutiny. CSO's investigation shows that the bug bounty platforms have turned bug reporting and disclosure on its head, which multiple expert sources, including HackerOne's former chief policy officer, Katie Moussouris, call a "perversion."

Epic Games floats $1m bounty to ID source of 'commercial smear' claiming Houseparty chat app has been hacked
2020-03-31 18:30

Group video chat app Houseparty has offered a $1m bounty to identify what it claims is an organised campaign to falsely depict it as a hackers' backdoor. Announced at 4am UTC on the firm's Twitter account, the million-dollar bounty is being offered to "the first individual to provide proof of such a campaign," with Epic Games, the firm behind Houseparty, alleging this effort is "a paid commercial smear to harm Houseparty."