Security News
HP has expanded its Bug Bounty Program to focus specifically on office-class print cartridge security vulnerabilities. As part of this program, HP has engaged with Bugcrowd to conduct a three-month program in which four professional white hat hackers have been challenged to identify vulnerabilities in HP Original print cartridges.
Threatpost brought together leading voices in the bug bounty community to participate in a webinar, "Five Essentials for Running a Successful Bug Bounty Program." Are the hackers getting legal advice before engaging in these programs, or are you relying on the bug bounty programs to keep them within the legal lines?
Bounty-hunting hackers are uncovering new vulnerabilities every two minutes on average, according to bug bounty platform HackerOne. Mickos rejected the idea that ethical hackers deprived of a legitimate bug bounty market would instead sell newly discovered vulnerabilities to black hats for exploitation, saying: "If we didn't organise this program, the vulnerabilities would not be sold to criminals."
Google this week increased the reward amounts paid to researchers for reporting abuse risk as part of its bug bounty program. Google added product abuse risks to its Vulnerability Reward Program two years ago and says that more than 750 such issues have been identified since.
FireEye this week announced that its Bugcrowd-powered bug bounty program has become public, for all registered researchers to participate. The program, which has been running privately on the crowd-sourced bug hunting platform for a while, welcomes all Bugcrowd researchers interested in identifying vulnerabilities in a broad range of FireEye websites, including those of subsidiaries and localized domains.
Microsoft reported on Tuesday that it paid out roughly $13.7 million through its bug bounty programs between July 1, 2019, and June 30, 2020. The tech giant runs 15 bug bounty programs, which 327 researchers used in the past year to report 1,226 eligible vulnerabilities.
Microsoft has revamped its Windows Insider Preview bug bounty program with higher rewards and an improved portal for bounty hunters to report flaws, in an effort to help sniff out more vulnerabilities on its platform. The Microsoft Windows Insider Preview bounty program is part of the Microsoft Windows Bounty Program, launched in 2017, which encompasses flaws in all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge.
Virtual private network service ExpressVPN this week announced the launch of a bug bounty program managed by crowdsourced security testing platform Bugcrowd. ExpressVPN has been running a bug bounty rewards program for four years, paying tens of thousands of dollars to security researchers who reported vulnerabilities in its apps, network, servers, site, and routers, among other assets.
Verizon Media tops the list with $9.4 million paid out since it started its program in 2014, with its top bounty coming in at $70,000. PayPal follows as a distant second to Verizon Media in terms of bounty volume.
HackerOne on Monday released a list of the companies that have paid out the most money through their bug bounty programs. According to HackerOne, Verizon has paid out more than $9.4 million since the launch of its program in February 2014, with a top bounty of $70,000 and an average first response time of 8 hours.