Security News

TikTok, GitHub, Facebook Join Open-Source Bug Bounty
2021-09-22 14:52

As more businesses rely on open-source software for mission-critical infrastructure, HackerOne, along with sponsors including Elastic, Facebook, Figma, GitHub, Shopify and TikTok, announced they are throwing a new round of resources behind an Internet Bug Bounty Program to lure threat hunters' attention to open-source supply chains. Following a spate of spectacular software supply-chain breaches, market leaders have decided to throw in some cash to fund the IBB to incentivize bug hunters to take a closer look at open-source code.

Singapore adds a third bug bounty program – this time to fortify government digital services
2021-09-01 04:14

Singapore's governmental digital services arm, GovTech, has launched a "Rewards programme" to further crowdsource tests of the nation's cybersecurity. The Vulnerability Rewards Programme joins the Government Bug Bounty Programme and the Vulnerability Disclosure Programme, all of which work alongside the government's own security checks.

Audiomack launches Bug Bounty program on Bugcrowd platform to strengthen its security
2021-08-17 00:30

Bugcrowd announced Audiomack, a free music sharing and discovery platform, is launching a public Bug Bounty program to strengthen the security of its internet-connected assets. Audiomack has also operated a Vulnerability Disclosure Program through the Bugcrowd platform over the last year, helping them streamline the process of triaging and validating potential issues so that they can focus their security efforts on remediation.

United Kingdom’s MoD announces the results of its bug bounty program with HackerOne
2021-08-03 22:50

The United Kingdom’s Ministry of Defence (MoD) announced the conclusion of its first bug bounty challenge with HackerOne. The Ministry of Defence program was a 30-day, hacker-powered security test...

Google revamps bug bounty program
2021-07-28 06:58

Google has revealed that its bug bounty program - which it styles a "Vulnerability Reward Program" - has paid out for 11,055 bugs found in its services since 2010. 11,055 bugs seems like a lot, but it's not out of step with other vendors.

Google Paid Over $29 Million in Bug Bounty Rewards in 10 Years
2021-07-27 16:06

Google says it has paid more than $29 million in rewards for pre-patch vulnerability data over the past 10 years. Since the launch of Google Vulnerability Rewards Program 10 years ago, the company said it paid bounties on 11,055 vulnerabilities that were reported by 2,022 researchers from 84 countries.

Compsci student walks off with $50,000 after bug bounty report blows gaping hole in Shopify software repos
2021-07-27 12:14

Shopify has forked out $50,000 in a bug bounty payment to computer science student Augusto Zanellato following the discovery of a publicly available access token which gave world+dog read-and-write access to the company's source code repositories. "I found out that the user in question was a member of the Shopify organisation and that he had push and pull access to all the private Shopify repositories."

Bug Bounty and VDP Platform YesWeHack Raises $18.8 Million
2021-07-22 18:49

European bug bounty and vulnerability disclosure policy platform YesWeHack this week announced the closing of a €16 million round of venture capital financing. The Series B funding round included investments from.

Microsoft Adds Teams Mobile Applications to Bug Bounty Program
2021-07-20 12:32

Microsoft on Monday announced that it has included the Teams mobile applications for Android and iOS within the scope of its bug bounty programs. The company added the desktop client of the Teams business communication platform to the Applications Bounty Program back in March, and is now expanding the program to include the mobile clients as well.

GitHub Paid Out Over $1.5 Million via Bug Bounty Program Since 2016
2021-06-28 12:42

Microsoft-owned software development solutions provider GitHub announced on Friday that it has paid out more than $1.5 million through its bug bounty program since 2016, when it started using the HackerOne bug bounty platform. According to the company, in 2020, it paid out over half a million dollars for more than 200 vulnerabilities affecting its products and services.