Security News

As more businesses rely on open-source software for mission-critical infrastructure, HackerOne, along with sponsors including Elastic, Facebook, Figma, GitHub, Shopify and TikTok, announced they are throwing a new round of resources behind an Internet Bug Bounty Program to lure threat hunters' attention to open-source supply chains. Following a spate of spectacular software supply-chain breaches, market leaders have decided to throw in some cash to fund the IBB to incentivize bug hunters to take a closer look at open-source code.

Singapore's governmental digital services arm, GovTech, has launched a "Rewards programme" to further crowdsource tests of the nation's cybersecurity. The Vulnerability Rewards Programme joins the Government Bug Bounty Programme and the Vulnerability Disclosure Programme, all of which work alongside the government's own security checks.

Bugcrowd announced Audiomack, a free music sharing and discovery platform, is launching a public Bug Bounty program to strengthen the security of its internet-connected assets. Audiomack has also operated a Vulnerability Disclosure Program through the Bugcrowd platform over the last year, helping them streamline the process of triaging and validating potential issues so that they can focus their security efforts on remediation.

The mysterious miscreant who exploited a software vulnerability in Poly Network to drain $600m in crypto-assets, claims the Chinese blockchain company offered them $500,000 as a reward for discovering the weakness. "We appreciate you sharing your experience and believe your action constitutes white hat behaviour ... Since, we believe your action is white hat behaviour, we plan to offer you a $500,000 bug bounty after you complete the refund fully," the thief wrote in their transaction metadata, seemingly quoting or paraphrasing a message received from Poly Network.

The United Kingdom’s Ministry of Defence (MoD) announced the conclusion of its first bug bounty challenge with HackerOne. The Ministry of Defence program was a 30-day, hacker-powered security test...

Google has revealed that its bug bounty program - which it styles a "Vulnerability Reward Program" - has paid out for 11,055 bugs found in its services since 2010. 11,055 bugs seems like a lot, but it's not out of step with other vendors.

Google says it has paid more than $29 million in rewards for pre-patch vulnerability data over the past 10 years. Since the launch of Google Vulnerability Rewards Program 10 years ago, the company said it paid bounties on 11,055 vulnerabilities that were reported by 2,022 researchers from 84 countries.

Shopify has forked out $50,000 in a bug bounty payment to computer science student Augusto Zanellato following the discovery of a publicly available access token which gave world+dog read-and-write access to the company's source code repositories. "I found out that the user in question was a member of the Shopify organisation and that he had push and pull access to all the private Shopify repositories."

European bug bounty and vulnerability disclosure policy platform YesWeHack this week announced the closing of a €16 million round of venture capital financing. The Series B funding round included investments from.

Microsoft on Monday announced that it has included the Teams mobile applications for Android and iOS within the scope of its bug bounty programs. The company added the desktop client of the Teams business communication platform to the Applications Bounty Program back in March, and is now expanding the program to include the mobile clients as well.