Security News

Microsoft Revamps Windows Insider Preview Bug Bounty Program
2020-07-27 20:17

Microsoft has revamped its Windows Insider Preview bug bounty program with higher rewards and an improved portal for bounty hunters to report flaws, in an effort to help sniff out more vulnerabilities on its platform. The Microsoft Windows Insider Preview bounty program is part of the Microsoft Windows Bounty Program, launched in 2017, which encompasses flaws in all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge.

ExpressVPN Announces Bug Bounty Program on Bugcrowd
2020-07-17 14:28

Virtual private network service ExpressVPN this week announced the launch of a bug bounty program managed by crowdsourced security testing platform Bugcrowd. ExpressVPN has been running a bug bounty rewards program for four years, paying tens of thousands of dollars to security researchers who reported vulnerabilities in its apps, network, servers, site, and routers, among other assets.

Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings
2020-06-30 21:27

Verizon Media tops the list with $9.4 million paid out since it started its program in 2014, with its top bounty coming in at $70,000. That said, PayPal follows as a distant second to Verizon Media in terms of bounty volume.

Verizon, PayPal, Uber Paid Out Most Through Bug Bounty Programs on HackerOne
2020-06-30 13:03

HackerOne on Monday released a list of the companies that have paid out the most money through their bug bounty programs. According to HackerOne, Verizon has paid out more than $9.4 million since the launch of its program in February 2014, with a top bounty of $70,000 and an average first response time of 8 hours.

Fancy hacking a PlayStation? Sony announces its bug bounty program
2020-06-26 12:24

Bug bounty hunting is, at heart, a competitive market, and winner-takes-all is the easiest way for a vendor to avoid the problem of two researchers covertly colluding for extra money. Most bug bounty programs have a rule under which a reasonable timeframe is agreed for fixing the bug.

Sony Launches PlayStation Bug Bounty Program on HackerOne
2020-06-25 10:41

Sony this week announced the launch of a public PlayStation bug bounty program in partnership with hacker-sourced vulnerability hunting platform HackerOne. Previously, the company ran a private bug bounty with some researchers only, but says that it has come to realize that the research community plays an important role in improving security, and that the newly launched program builds on that realization.

DARPA Bug Bounty Program Seeks to Harden SSITH Hardware Protections
2020-06-10 10:56

The Defense Advanced Research Projects Agency is running a bug bounty program in an effort to find security vulnerabilities in a new, advanced implementation of the System Security Integration Through Hardware and Firmware program. With the new bug bounty program, DARPA is looking to harden SSITH hardware security protections in development.

HackerOne Says Bug Bounty Hunters Earned $100 Million Through Its Platform
2020-05-27 19:07

HackerOne announced on Wednesday that its bug bounty platform has helped researchers earn more than $100 million since the company started paying hackers in October 2013. The San Francisco-based company reported in late February that it had paid out a total of over $82 million in bounties, $40 million of which was awarded in 2019 alone.

India said its coronavirus contact-tracing app is perfect... adds bug bounty and open-sources it anyway
2020-05-27 02:59

India has open-sourced its Aarogya Setu contact-tracing app and announced a bug bounty programme to detect any security issues. The nation has now decided to open the app and run a bug bounty programme.
