Articles about Bug Bounty

Samsung pays up to $200,000 in bug bounty program


To improve the security of their products, many high profile tech companies have introduced bug bounty programs. The rewards can be pretty substantial, depending on the severity of the bug and the quality of the report, as Samsung's first such initiative focused on its mobile devices proves.

Called the Mobile Security Rewards Program, Samsung's bug bounty program will pay researchers up to $200,000 for finding security vulnerabilities in its mobile devices and related software.


Microsoft launches Windows Bounty Program to weed out Windows 10 bugs


Microsoft is one of many technology companies to run bounty programs giving people the opportunity to earn a bundle of cash for finding bugs and security issues with software. Now the software giant has launched the Windows Bounty Program, offering rewards of up to $250,000.

Of course, the starting point for rewards is much lower -- just $500, but still better than a kick in the teeth. This new bounty program has four key areas of focus in addition to the Windows Insider program: Microsoft Hyper-V, Mitigation bypass and Bounty for defense, Windows Defender Application Guard, and Microsoft Edge.


Microsoft Edge bug bounty program now permanent


Microsoft introduced a bug bounty program for Edge last August. Originally intended as a temporary measure, it will now live on, as the software giant reports that it has led to major improvements in its browser's security.

As is the case with all bug bounty programs, part of the appeal for security researchers is the financial side. In this case, Microsoft says that it has paid over $200,000 in bounties since the program kicked off.


Intel's first bug bounty program has $30,000 top reward


Security researchers can make a lot of money by reporting bugs to software and hardware vendors. Microsoft, for instance, pays up to $15,000 for vulnerabilities in Office Insider, while Intel, through its first bug bounty program, takes things up a notch with a top reward of $30,000.

Intel's first bug bounty program was announced on HackerOne, and targets firmware, software and hardware products. Hardware vulnerabilities have the highest top reward, followed by firmware and then software.


Microsoft will pay up to $15,000 for Office Insider vulnerabilities


Microsoft wants to make Office more secure, so it has announced a bug bounty program for Office Insiders to catch vulnerabilities before shipping a public release.

The bug bounty program targets the Windows version of Office on the Slow ring and features rewards of up to $15,000, but for "certain submissions" -- presumably highly critical security holes -- the software giant says that researchers can expect to be paid more.


1Password raises top bug bounty reward to $100,000


AgileBits, the company behind popular password manager 1Password, is raising the top bug bounty reward from $25,000 to $100,000, following the discovery of serious vulnerabilities in popular password managers, including its own service, that could have allowed attackers to gain access to user data.

To receive the highest reward in its bug bounty program, AgileBits says that a researcher would have to access an unencrypted "bad poetry" flag that is stored in a 1Password vault.


Microsoft and Google increase bug bounty payouts


Keen as ever to squash any security issues and bugs that might arise in their software, both Microsoft and Google have announced increases in their bug bounty program payouts. Microsoft has doubled some awards, while Google has used others to make knowing jokes.

Two increased rewards from Google include "leet" references. Find a Remote Code Execution bug and you could bag yourself $31,337 (up from $20,000); execute "Unrestricted file system or database access" and you could earn $13,337 (up from $10,000). While Google's increases are permanent, however, Microsoft's are just temporary.


Is a bug bounty program right for your company?


Already an attractive option for a variety of consumer applications, crowd sourcing is now catching on in the corporate world. One emerging area of crowd sourcing is bug bounty programs. These are rewards offered by organizations to security researchers or whitehat hackers, who receive recognition and financial compensation for finding and reporting bugs, exploits and vulnerabilities in the organizations’ websites and applications.

As a technology company or security professional, it’s easy to see the attraction of running bug bounty programs. But these programs are not without risk, and timing can be a critical factor. Unless they are managed carefully, bug bounty programs can come with serious consequences for your overall security posture.


What does it take to be a successful bug hunter?


Hackers are having a moment. As high-profile breaches have become the norm over the last few years, more and more enterprise organizations have turned to bug bounty programs. As a result, the idea of hacking for good has finally begun to resonate with the general public. This rise in popularity has inspired many, from aspiring hackers to seasoned security professionals, to join the hunt and seek out bug bounty programs to "hack on".

As an information security professional by trade and a hacker by heart, I’ve had years of experience hacking for good. From my days as a penetration tester and security leadership roles at HP Fortify, Redspin and Citrix to hacking on bug bounty programs of all sizes, I have spent my life hacking for good -- much of this experience has been hacking on bug bounty programs.


Apple is smart to enlist hackers and iPhone 7 jailbreakers to secure iOS and macOS


Apple has historically been very guarded and secretive. While this is still true today, the company has definitely become more open since Steve Jobs' death. Quite frankly, the fact that there are now public betas for both iOS and macOS is mind-blowing for the Apple faithful. Last month, the company even launched its first bug bounty program! Why did Apple soften its guarded position? It had to. As the technology market advances and security becomes a bigger focus, it is not possible to catch all bugs and vulnerabilities in house.

While the bug bounty and public betas were very wise moves, the company is apparently taking things a step further. According to Forbes, Apple is enlisting iPhone jailbreakers and other hackers (such as Luca Todesco, Nicholas Allegra and Patrick Wardle) to bolster the security of its products using the aforementioned bug bounty program. In fact, it is rumored to be happening at a secret meeting. If true, is the company smart to trust these people?


What does a bug researcher look like?


What kind of people spend their time looking for software bugs? Crowdsourced testing company Bugcrowd has released a report looking at how its community is made up that might give you a clue.

Bugcrowd researchers come from all over the world. As of September 1, 2016, the United States (29 percent) and India (28 percent) had the most sign-ups, followed by the United Kingdom on six percent.


Apple finally announces a bug bounty program of its own -- but it's not open to everyone


Bug bounty programs have become commonplace in recent years. Tech companies offer up rewards to coders, engineers and hackers who manage to unearth security vulnerabilities in software, and this means that problems are detected and patched faster than normal.

It is something that the likes of Google and Microsoft have offered for some time, and now Apple has decided it wants a piece of the action as well. Starting in September, the company will pay out up to $200,000 to anyone identifying vulnerabilities in its software and services.


New breed of 'super hunters' earn thousands from bug bounty programs


With data breaches still making headlines and security teams facing increased pressures it's not surprising that companies are looking for innovative ways to find flaws in their systems.

Crowdsourced security specialist Bugcrowd has released the results of its second annual State of Bug Bounty Report which shows that the number of bug bounty programs hosted on its platform is up by an average of 210 percent year on year since January 2013.


Uber announces bug bounty program


Uber is calling on independent computer researchers and experts to find weaknesses in its system as the transportation firm is set to release its technical map.

As Uber jumps on the bug bounty bandwagon -- a philosophy that has long been advocated by the open-source software movement -- it details its software infrastructure to the public, identifies what sorts of data might be exposed inadvertently and suggests what types of flaws are the most likely to be found.


The pros and cons of implementing a bug bounty program


A recent incident with the Facebook Bug Bounty program has led to many different reactions supporting both Facebook and the security researcher. Regardless of who is right in that whole story, the one fact is clear: the researcher went far beyond what the social media site had initially expected, and got access to the sensitive data the company didn’t really want to share with anybody, including the researchers’ community.

These days bug bounties have become very popular, raising more and more questions about their efficiency and effectiveness. We will try to understand how and if bug bounties can be used to test your corporate web applications. I intentionally omit bug bounties for stand-alone software (e.g. Chrome or various IoT applications) as it’s a different topic.


© 1998-2017 BetaNews, Inc. All Rights Reserved. Privacy Policy.