Security News

Google Pays $10M in Bug Bounties in 2023
2024-03-22 11:01

It's $2M less than in 2022, but it's still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program's launch in 2010 has reached $59 million.

Google Offers Bug Bounties for Generative AI Security Vulnerabilities
2023-10-31 19:36

Google joins OpenAI and Microsoft in rewarding AI bug hunts. Google expanded its Vulnerability Rewards Program to include bugs and vulnerabilities that could be found in generative AI. Specifically, Google is looking for bug hunters for its own generative AI products, such as Google Bard, which is available in many countries, or Google Cloud's Contact Center AI, Agent Assist.

HackerOne paid ethical hackers over $300 million in bug bounties
2023-10-28 15:17

HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception. Thirty hackers have earned over a million USD for their submissions, and one has broken the record, receiving over $4 million for his bug reports.

Google bug bounties inch closer to Microsoft's payouts
2023-06-24 14:19

Bug hunters who found security holes in Google - and also responsibly disclosed details of those flaws to the Chocolate Factory - earned more than $12 million in bounty rewards in 2022, marking a record year for the corporation's Vulnerability Reward Programs in terms of payouts and number of vulnerabilities found and fixed. Avrahami found several vulnerabilities and attack paths in Google Kubernetes Engine Autopilot that would allow an attacker to escape their pod, compromise the underlying node, escalate privileges to administrator level, and then deploy backdoors to maintain this access.

Google paid $12 million in bug bounties to security researchers
2023-02-22 21:17

Google last year paid its highest bug bounty ever through the Vulnerability Reward Program for a critical exploit chain report that the company valued at $605,000. In total, Google spent over $12 million for more than 2,900 vulnerabilities in its products discovered and reported by security researchers.

Pentagon is far too tight with its security bug bounties
2022-09-29 21:27

According to bug bounty platform HackerOne and the DoD, the Hack US initiative received 648 submissions from 267 security researchers who uncovered 349 security holes. The Pentagon didn't say how many bug hunters received rewards, or how much they each earned.

The Week in Ransomware - July 1st 2022 - Bug Bounties
2022-07-01 19:35

It has been relatively busy this week with new ransomware attacks unveiled, a bug bounty program introduced, and new tactics used by the threat actors to distribute their encryptors. The LockBit ransomware operation has released 'LockBit 3.0,' introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options.

Microsoft ups bug bounties 30% for cloud lines, pays more for 'scenario-based' exploits
2022-04-18 18:12

Microsoft will pay more - up to $26,000 more - for "high-impact" bugs in its Office 365 products via its bug bounty program. The new "scenario-based" payouts to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program aim to incentivize bug hunters to focus on finding vulnerabilities with "the highest potential impact on customer privacy and security," Microsoft said late last week.

UK's Ministry of Defence coughs up bug bounties for crowdsourced pentesting
2021-08-03 14:20

The Ministry of Defence has paid out the first bug bounties to ethical computer hackers who probed web-accessible systems for vulnerabilities, according to a cheery missive from HackerOne. A month-long "hacker security test" culminated in a couple of dozen folk being handed unspecified rewards - and marked the first public confirmation of HackerOne's UK government partnership.

Microsoft Paid Out $13.6 Million in Bug Bounties in Past Year
2021-07-09 12:05

Microsoft this week revealed that it paid out more than $13.6 million in bug bounties between July 1, 2020, and June 30, 2021. As part of the company's 17 bug bounty and grant programs, participating security researchers can earn awards as high as $250,000 - the highest rewards are for critical vulnerabilities in Hyper-V. More than 340 security researchers across 58 countries received payouts as part of Microsoft's bug bounty programs over the past year, with the largest single amount awarded by the company being $200,000, for a Hyper-V vulnerability.