How Commercial Bug Hunting Changed the Boutique Security Consultancy Landscape
It’s been almost 10 years since the first commercial for-profit bug bounty program was launched. Bug bounty programs have transformed the information security sector, and their negative impacts have been advertised as driving down companies’ consulting rates and raising ethics questions within the cybersecurity community. However, boutique security consultancies, particularly
Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies
Phineas Fisher, notorious hacktivist, is launching a new kind of bug bounty incentivizing crime. Fisher announced on Friday that he would pay hackers up to $100,000 as a reward for public interest hacks and leaks. Fisher aims to encourage hacktivists to carry out politically motivated attacks and leak documents in
Huawei Beats Google—Offers $220,000 For ‘Zero-Click’ Android Phone Hacks
Chinese tech giant Huawei launched a bug bounty program last week that will reward bug hunters up to $220,000 for detecting critical weaknesses in its Android devices. This beats Google’s program, which offers up to $200,000 for demonstrations of similar attacks on its Pixel phones. Huawei revealed the program in
GitHub launches ‘Security Lab’ to help secure open-source ecosystem
At the GitHub conference on Thursday, GitHub announced a new program called Security Lab, a collaboration between different security researchers to fix bugs in open source projects. GitHub stated that the team will dedicate full-time resources to find vulnerabilities in popular open-source projects. The members come from organizations like Microsoft,
Bugcrowd Pays Out Over $500K in Bounties in One Week
In October, Bugcrowd disclosed that around 550 hackers from around the world reported roughly 6,500 vulnerabilities, resulting in a total payout of $1.6 million. The company, which launched in 2011, announced that over $513,000 of the monthly payouts were made last week, breaking a company record for most vulnerabilities reported
Organizations At Risk for Data Breaches: System Vulnerabilities Increase by 92 Percent
Bugcrowd has released a new study on the current state of crowdsourced security. The report cites a 92% surge in the total number of vulnerabilities that were reported by bug bounty researchers last year, compared to the previous report. Researchers are not only finding more flaws, but they are also
DoD bug bounty program to expand to more sensitive systems
“In yet another contract allowing outside hackers to test systems for vulnerabilities, the Department of Defense is opening the doors to more sensitive systems. In the past the bug bounties, as they’re known, focused on public-facing DoD websites. They allow vetted hackers to search for vulnerabilities for cash payouts that
Hackers Target Marines for Pentagon’s Latest Bug Bounty
A live hacking event in Las Vegas is targeting the Marine Corps in the Pentagon’s latest bug bounty program. Around 100 hackers were selected to identify vulnerabilities in the Corps’ primary communications network. Over the nine-hour event, hackers found 75 vulnerabilities and won $80,000 in bounties. “Working with the ethical