Security News

Bugcrowd announced Audiomack, a free music sharing and discovery platform, is launching a public Bug Bounty program to strengthen the security of its internet-connected assets. Audiomack has also operated a Vulnerability Disclosure Program through the Bugcrowd platform over the last year, helping them streamline the process of triaging and validating potential issues so that they can focus their security efforts on remediation.

The United Kingdom’s Ministry of Defence (MoD) announced the conclusion of its first bug bounty challenge with HackerOne. The Ministry of Defence program was a 30-day, hacker-powered security test...

Google has revealed that its bug bounty program - which it styles a "Vulnerability Reward Program" - has paid out for 11,055 bugs found in its services since 2010. 11,055 bugs seems like a lot, but it's not out of step with other vendors.

Google says it has paid more than $29 million in rewards for pre-patch vulnerability data over the past 10 years. Since the launch of Google Vulnerability Rewards Program 10 years ago, the company said it paid bounties on 11,055 vulnerabilities that were reported by 2,022 researchers from 84 countries.

Shopify has forked out $50,000 in a bug bounty payment to computer science student Augusto Zanellato following the discovery of a publicly available access token which gave world+dog read-and-write access to the company's source code repositories. "I found out that the user in question was a member of the Shopify organisation and that he had push and pull access to all the private Shopify repositories."

European bug bounty and vulnerability disclosure policy platform YesWeHack this week announced the closing of a €16 million round of venture capital financing. The Series B funding round included investments from.

Microsoft on Monday announced that it has included the Teams mobile applications for Android and iOS within the scope of its bug bounty programs. The company added the desktop client of the Teams business communication platform to the Applications Bounty Program back in March, and is now expanding the program to include the mobile clients as well.

Microsoft-owned software development solutions provider GitHub announced on Friday that it has paid out more than $1.5 million through its bug bounty program since 2016, when it started using the HackerOne bug bounty platform. According to the company, in 2020, it paid out over half a million dollars for more than 200 vulnerabilities affecting its products and services.

Southeast Asian e-commerce platform Lazada on Thursday announced the launch of a public bug bounty program with YesWeHack. Since January 2020, the Alibaba-owned platform has been running a private bug bounty program that resulted in more than $150,000 being paid out in bug bounty rewards.

Eavesdropping on the chatter of 600+ cybercriminal forums shows that cybercriminals have specific preferences, shown by the flavors of exploits they requisition, and that the bug bounty programs either are too slow, don't pay enough or are just the start of profit-making. A year-long study into the underground market for exploits in cybercriminal forums demonstrates that crooks are salivating for Microsoft bugs, which are far and away the most requested and most sold exploits, but that exploits can be valuable for years past their zero days, meaning that patching is still high-priority for high-priority vulnerabilities.