Security News

The company has launched a $100,000 bug bounty for people who can break into Azure Sphere, its security system for IoT devices. The latest, the Sphere Security Research Challenge, lets bug hunters talk directly to Microsoft's technical team as they try to break into Sphere.

Microsoft has announced a new security research / bug bounty program aimed at testing and improving the security of Azure Sphere, its comprehensive IoT security solution. Through the Azure Sphere Security Service, the MCU can securely connect to the cloud and web, and the service makes sure that the booted software is genuine, that OS security updates are downloaded and installed securely and automatically.

Zoom announced on Wednesday that it has teamed up with Katie Moussouris' company, Luta Security, to revamp its bug bounty program. Zoom announced on April 1 that it would be making significant changes to its bug bounty program, after experts raised concerns about Zoom security and researchers reported finding potentially serious vulnerabilities in the video conferencing service.

The Tencent Security Response Center is launching an expanded bug-bounty program, via the HackerOne white-hat platform - and the company has increased its top reward to $15,000. Tencent, a China-based global internet service provider, is opening up its existing bug-bounty program to HackerOne's community of 600,000+ bug hunters, to widen the company's vulnerability reporting and technical sharing efforts, it said in a launch notice on Tuesday.

HackerOne announced on Tuesday that the bug bounty program of Chinese technology giant Tencent is now accessible through its platform. More than 600,000 hackers registered on HackerOne can join Tencent's bug bounty program to hunt for vulnerabilities in the company's products.

Used properly, bug bounty platforms connect security researchers with organizations wanting extra scrutiny. CSO's investigation shows that the bug bounty platforms have turned bug reporting and disclosure on its head, what multiple expert sources, including HackerOne's former chief policy officer, Katie Moussouris, call a "Perversion."

Since the launch of the Hack the Pentagon program in 2016, bug bounty programs continue to increase in popularity - however, as more programs are created, some companies are forgetting the real reason behind bug bounties. Instead of aiming to make their systems more secure, companies are viewing bug bounty programs as a "One size fits all" solution for their business.

Over the course of 2019, Facebook paid security researchers a total of $2.2 million in rewards for vulnerability reports submitted to the social media platform's bug bounty program. For comparison, the social platform paid more than $1.1 million for over 700 valid reports submitted to its bug bounty program in 2018, and more than $880,000 for over 400 valid reports in 2017.

To mark the occasion, Dropbox also revealed details on a handful of older, resolved bugs for the first time. The issue involved a feature for Dropbox Professional and Business users that allows them to password-protect their shared links via an option in Link Settings.

Today, Open Bug Bounty already hosts 680 bug bounties, offering monetary or non-monetary remuneration for security researchers from over 50 countries. Global companies such as Telekom Austria, Acronis, or United Domains run their bug bounties at Open Bug Bounty.