12 Dec 2019

How Commercial Bug Hunting Changed the Boutique Security Consultancy Landscape

It’s been almost 10 years since the first commercial for-profit bug bounty program was launched. Bug bounty programs have transformed the information security sector, and their negative impacts have been advertised as driving down companies’ consulting rates and raising ethics questions within the cybersecurity community. However, boutique security consultancies, particularly

21 Nov 2019

Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies

Phineas Fisher, notorious hacktivist, is launching a new kind of bug bounty incentivizing crime. Fisher announced on Friday that he would pay hackers up to $100,000 for public interest hacks and leaks. Fisher aims to encourage hacktivists to carry out politically motivated attacks and leak documents in

20 Nov 2019

Huawei Beats Google—Offers $220,000 For ‘Zero-Click’ Android Phone Hacks

Chinese tech giant Huawei launched a bug bounty program last week that will reward bug hunters up to $220,000 for detecting critical weaknesses in its Android devices. This beats Google’s program, which offers up to $200,000 for demonstrations of similar attacks on its Pixel phones. Huawei revealed the program in

15 Nov 2019

GitHub launches ‘Security Lab’ to help secure open-source ecosystem

At the GitHub conference on Thursday, GitHub announced a new program called Security Lab, a collaboration between different security researchers to fix bugs in open source projects. GitHub stated that the team will dedicate full-time resources to find vulnerabilities in popular open-source projects. The members come from organizations like Microsoft,

11 Nov 2019

Bugcrowd Pays Out Over $500K in Bounties in One Week

In October, Bugcrowd disclosed that around 550 hackers from around the world reported roughly 6,500 vulnerabilities, resulting in a total payout of $1.6 million. The company, which launched in 2011, announced that over $513,000 of the monthly payouts were made last week, breaking a company record of most vulnerabilities reported

02 Aug 2019

Organizations At Risk for Data Breaches: System Vulnerabilities Increase by 92 Percent

Bugcrowd has released a new study on the current state of crowdsourced security. The report cites a 92% surge in the total number of vulnerabilities that were reported by bug bounty researchers last year, compared to the previous report. Researchers are not only finding more flaws, but they are also

25 Oct 2018

DoD bug bounty program to expand to more sensitive systems

“In yet another contract allowing outside hackers to test systems for vulnerabilities, the Department of Defense is opening the doors to more sensitive systems. In the past the bug bounties, as they’re known, focused on public-facing DoD websites. They allow vetted hackers to search for vulnerabilities for cash payouts that

14 Aug 2018

Hackers Target Marines for Pentagon’s Latest Bug Bounty

A live hacking event in Las Vegas is targeting the Marine Corps in the Pentagon’s latest bug bounty program. Around 100 hackers were selected to identify vulnerabilities in the Corps’ primary communications network. Over the nine-hour event, hackers found 75 vulnerabilities and won $80,000 in bounties. “Working with the ethical
