It’s been almost 10 years since the first commercial for-profit bug bounty program was launched. Bug bounty programs have transformed the information security sector, and its negative impacts have been advertised as driving down companies’ consulting rates and raising ethics questions within the cybersecurity community. However, boutique security consultancies, particularly

Phineas Fisher, notorious hacktivist, is launching a new kind of bug bounty incentivizing crime. Fisher announced on Friday that he would pay hackers up to $100,000 to reward hackers for public interest hacks and leaks. Fisher aims to encourage hacktivists to carry out politically motivated attacks and leak documents in

Chinese tech giant Huawei launched a bug bounty program last week that will reward bug hunters up to $220,000 for detecting critical weaknesses in its Android devices. This program beats Google’s, who offers up to $200,000 for demonstrations of similar attacks on its Pixel phones. Huawei revealed the program in

At the GitHub conference on Thursday, GitHub announced a new program called Security Lab, a collaboration between different security researchers to fix bugs in open source projects. GitHub stated that the team will dedicate full-time resources to find vulnerabilities in popular open-source projects. The members come from organizations like Microsoft,

In October, Bugcrowd disclosed that around 550 hackers from around the world reported roughly 6,500 vulnerabilities, resulting in a total payout of $1.6 million. The company, which launched in 2011, announced that over $513,000 of the monthly payouts were made last week: breaking a company record of most vulnerabilities reported

Bugcrowd has released a new study on the current state of crowdsourced security. The report cites a 92% surge in the total number of vulnerabilities that were reported by bug bounty researchers last year, compared to the previous report. Researchers are not only finding more flaws, but they are also

“In yet another contract allowing outside hackers to test systems for vulnerabilities, the Department of Defense is opening the doors to more sensitive systems. In the past the bug bounties, as they’re known, focused on public-facing DoD websites. They allow vetted hackers to search for vulnerabilities for cash payouts that

A live hacking event in Las Vegas is targeting the Marine Corps in the Pentagon’s latest bug bounty program. Around 100 hackers were selected to identify vulnerabilities in the Corps’ primary communications network. Over the nine-hour event, hackers found 75 vulnerabilities and won $80,000 in bounties. “Working with the ethical