Security News

In this Help Net Security interview, Roy Davis, Manager - Vulnerability Management & Bug Bounty at Zoom, discusses the role bug bounty programs play in identifying security vulnerabilities and facilitating collaboration with researchers. Disputes over bug classifications: Bug bounty programs usually have guidelines for classifying the severity of reported vulnerabilities, and determining the reward amount.

Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services.Though this is lower than the $12 million Google's Vulnerability Reward Program paid to researchers in 2022, the amount is still significant, showcasing a high level of community participation in Google's security efforts.

Microsoft has announced a new bug bounty program aimed at unearthing vulnerabilities in Defender-related products and services, and is offering participants the possibility to earn up to $20,000 for the most critical bugs. Microsoft Defender includes various products and services that are build to secure and protect Microsoft users.

Interview Microsoft's bug bounty program celebrated its tenth birthday this year, and has paid out $63 million to security researchers in that first decade - with $60 million awarded to bug hunters in the past five years alone, according to Redmond. She credited Katie Moussouris, who played a key role in convincing Redmond's top brass that Microsoft needed a bug bounty program - despite execs vowing never to pay researchers for bugs.

Google has expanded its bug bounty program, aka Vulnerability Rewards Program, to cover threats that could arise from Google's generative AI systems. Following the voluntary commitment to the Biden-⁠Harris Administration to develop responsible AI and manage its risks, Google has added AI-related risks to its bug bounty program, which gives recognition and compensation to ethical hackers who successfully find and disclose vulnerabilities in Google's systems.

Google has announced that it's expanding its Vulnerability Rewards Program (VRP) to reward researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in...

Microsoft is offering up to $15,000 to bug hunters that pinpoint vulnerabilities of Critical or Important severity in its AI-powered "Bing experience"."The new Microsoft AI bounty program comes as a result of key investments and learnings over the last few months, including an AI security research challenge and an update to Microsoft's vulnerability severity classification for AI systems," says Lynn Miyashita, a technical program manager with the Microsoft Security Response Center.

Microsoft announced a new AI bounty program focused on the AI-driven Bing experience, with rewards reaching $15,000. AI-powered Bing experiences on bing.com in Browser AI-powered Bing integration in Microsoft Edge, including Bing Chat for Enterprise.

Criminal IP, an OSINT-based CTI search engine provided by AI SPERA, has recently announced the introduction of a bug bounty program aimed at strengthening the safety of its services and protecting its users. The bug bounty program introduced by Criminal IP encourages security researchers to identify and report potentially exploitable vulnerabilities within its systems.

Google has launched the Mobile Vulnerability Rewards Program, a new bug bounty program that will pay security researchers for flaws found in the company's Android applications. As the company said, the main goal behind the Mobile VRP is to speed up the process of finding and fixing weaknesses in first-party Android apps, developed or maintained by Google.