Security News
Microsoft is offering rewards of up to $20,000 for finding vulnerabilities in its Xbox gaming platform through its latest bug bounty program unveiled this week. The Xbox Bounty Program is open to gamers, security researchers and basically anyone who can help the tech giant identify security vulnerabilities in the Xbox Live network and services and share them with the Xbox team, Chloé Brown, a Microsoft Security Response Center program manager, said in a blog post Thursday.
Gamers, security researchers, and technologists have been invited to identify security vulnerabilities in Xbox network and services and report them to Microsoft. Microsoft runs a number of bug bounty programs and has now decided that their Xbox offerings need extra attention from security researchers.
Google paid out $6.5 million in bug-bounty rewards in 2019, which doubles the internet behemoth's previous annual top total. Requested quarry includes apps that violate Google Play, Google API and Google Chrome Web Store Extension privacy policies.
Google claims it paid out over $6.5 million through its bug bounty programs in 2019, which brings the total awarded by the company since the launch of its first program in 2010 to more than $21 million. The total amount paid out in 2019 was nearly double compared to the previous year, and Google says the researchers who took part in its bug bounty programs donated an all-time-high of $500,000 to charity.
Through partnership with the Defense Digital Service, the U.S. Department of Defense and HackerOne, the number one hacker-powered pentesting and bug bounty platform, announced the results of the second Army bug bounty program, 'Hack the Army 2.0'. Fifty-two trusted hackers participated in the Hack the Army 2.0 bug bounty challenge, reporting 146 valid vulnerabilities over the course of five weeks.
The Cloud Native Computing Foundation this week announced the launch of a public bug bounty program for Kubernetes, with rewards of up to $10,000 per vulnerability. Kubernetes was originally developed by Google and is now maintained by the CNCF. The new bug bounty program is hosted by HackerOne, and CNCF says it will do its best to respond to submitted reports within one business day, triage vulnerabilities within 10 days, and pay out a bounty within 10 days from triage.
The Cloud Native Computing Foundation is inviting bug hunters to search for and report vulnerabilities affecting Kubernetes. Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management.
A public bug-bounty program for the Kubernetes container technology framework has just launched, backed by Google, HackerOne and the Cloud Native Computing Foundation. The program's scope covers code from the main Kubernetes organizations on GitHub, as well as "Continuous integration, release and documentation artifacts," according to a Kubernetes security team post on Tuesday.
Apple this week kicked off its public bug bounty program, just over four months after announcing it officially at the Black Hat cybersecurity conference in Las Vegas.
The tech giant is looking for full working exploits with any vulnerability submission.