Articles about Bug Bounty

Facebook launches Data Abuse Bounty with rewards of up to $40,000

Facebook on three smartphones

With at least 87 million Facebook users affected by the data abuse by Cambridge Analytica, the social network is now on a mission to clean up its image. After rolling out tools, issuing notifications, and testifying in front of Congress, Facebook is launching a new bounty program that rewards people who report instances of data abuse.

The Data Abuse Bounty is a new program that offers from $500 to $40,000, and it aims to clamp down on the misuse of data by app developers. Launched just before Mark Zuckerberg's testimonies this week, it's a clear attempt by Facebook to curry favor.

Continue reading

Netflix bug bounty program offers top rewards of $15,000

As much as we'd like to think otherwise, no software is free of security issues. That's why it's important for tech companies to play an active role in finding and fixing as many bugs as possible before they're exploited. Implementing a bug bounty program can be very effective, as the product is exposed to various testing mindsets and approaches which can uncover some nasty surprises.

Netflix, which has over 100 million users across the globe, today introduces its first bug bounty program that's open to the public, with rewards that can reach $15,000 for the most-valuable findings that security researchers report.

Continue reading

Microsoft launches bounty program for speculative execution side channel vulnerabilities

Microsoft logo on the corner of a building

Microsoft has launched a bug bounty program that will reward anyone who finds the next Meltdown or Spectre vulnerability. Known as speculative execution side channel vulnerabilities, Microsoft is willing to reward anyone who reports bugs that could cause problems like earlier in the year.

The rewards on offer range from $5,000 up to $250,000 depending on the severity of the vulnerability, and the bounty program runs until the end of 2018. Microsoft says that it will operate under the principles of coordinated vulnerability disclosure.

Continue reading

With Intel's updated bug bounty program, you could earn big bucks for finding the next Meltdown

Intel keychain

Intel has updated its bug bounty program, offering up to $250,000 to anyone identifying vulnerabilities in its hardware and software. The key update here is that the program is now open to everyone through the HackerOne platform -- it was previously open to selected security researchers on an invite-only basis.

The move comes in the wake of the Meltdown and Spectre chip vulnerability revelations, and it's clearly an attempt by Intel to not only ramp up its security, but to be seen doing so. The company says it wants to create "a process whereby the security research community can inform us, directly and in a timely fashion, about potential exploits that its members discover."

Continue reading

Google Issue Tracker bug database found to have its own security vulnerability

Google logo

Google's bug-tracking database -- the Google Issue Tracker which is known as the Buganizer System within the company itself -- had its own security holes which left it vulnerable to hackers.

Researcher Alex Birsan was able to exploit vulnerabilities so he could gain wider access to Google's database than he should have been able to. The trick was a simple matter of fooling the system into letting him register a email address that would ordinarily be reserved for Google employees.

Continue reading

Android hackers: Now there's a bug bounty program for Google Play

Android phone with apps

Google has announced that it is teaming up with HackerOne to bring a bug bounty program to the Play Store. Seeking to weed out problems with Android apps, the Google Play Security Reward Program pays out $1,000 for reported issues that meet certain criteria.

The program is a little different to other bug bounty programs as Google will pay out for problems that are found in third party apps, not just its own. At the moment there are a very small number of apps that are taking part, but Google is inviting developers to opt their apps into the program.

Continue reading

Samsung pays up to $200,000 in bug bounty program

Developer at work

To improve the security of their products, many high profile tech companies have introduced bug bounty programs. The rewards can be pretty substantial, depending on the severity of the bug and the quality of the report, as Samsung's first such initiative focused on its mobile devices proves.

Called the Mobile Security Rewards Program, Samsung's bug bounty program will pay researchers up to $200,000 for finding security vulnerabilities in its mobile devices and related software.

Continue reading

Microsoft launches Windows Bounty Program to weed out Windows 10 bugs

Windows 10 box with bugs

Microsoft is one of many technology companies to run bounty programs giving people the opportunity to earn a bundle of cash for finding bugs and security issues with software. Now the software giant has launched the Windows Bounty Program, offering rewards of up to $250,000.

Of course, the starting point for rewards is much lower -- just $500, but still better than a kick in the teeth. This new bounty program has four key areas of focus in addition to the Windows Insider program: Microsoft Hyper-V, Mitigation bypass and Bounty for defense, Windows Defender Application Guard, and Microsoft Edge.

Continue reading

Microsoft Edge bug bounty program now permanent

Microsoft introduced a bug bounty program for Edge last August. Originally intended as a temporary thing, it will now live on as the software giant reports that it has lead to major improvements in its browser's security.

As is the case with bug bounty programs, part of the appeal for security researchers is the financial side. In this case, Microsoft says that it has paid over $200,000 in bounties in since it kicked off.

Continue reading

Intel's first bug bounty program has $30,000 top reward

Security researchers can make a lot of money by reporting bugs to software and hardware vendors. Microsoft, for instance, pays up to $15,000 for vulnerabilities in Office Insider, while Intel, through its first bug bounty program, takes things up a notch with a top reward of $30,000.

Intel's first bug bounty program was announced on HackerOne, and targets firmware, software and hardware products. Hardware vulnerabilities have the highest top reward, followed by firmware and then software.

Continue reading

Microsoft will pay up to $15,000 for Office Insider vulnerabilities

Microsoft wants to make Office more secure, so it has announced a bug bounty program for Office Insiders to catch vulnerabilities before shipping a public release.

The bug bounty program targets the Windows version of Office on the Slow ring and features rewards of up to $15,000, but for "certain submissions" -- presumably highly-critical security holes -- the software giant says that researchers can expected to be paid more.

Continue reading

1Password raises top bug bounty reward to $100,000

AgileBits, the company behind popular password manager 1Password, is raising the top bug bounty reward from $25,000 to $100,000, following the discovery of serious vulnerabilities in popular password managers, including its own service, that could have allowed attackers to gain access to user data.

To receive the highest reward in its bug bounty program, AgileBits says that a researcher would have to access an unencrypted "bad poetry" flag that is stored in a 1Password vault.

Continue reading

Microsoft and Google increase bug bounty payouts

bag of money

Keen as ever to squash any security issues and bugs that might arise in their software, both Microsoft and Google have announced increases in their bug bounty program payouts. Microsoft has doubled some awards, while Google has used others to make knowing jokes.

Two increased rewards from Google include "leet" references. Find a Remote Code Execution bug and you could bag yourself $31,337 (up from $20,000); execute "Unrestricted file system or database access" and you could earn $13,337 (up from $10,000). While Google's increases are permanent, however, Microsoft's are just temporary.

Continue reading

Is a bug bounty program right for your company?

Already an attractive option for a variety of consumer applications, crowd sourcing is now catching on in the corporate world. One emerging area of crowd sourcing is bug bounty programs. These are rewards offered by organizations to security researchers or whitehat hackers, who receive recognition and financial compensation for finding and reporting bugs, exploits and vulnerabilities in the organizations’ websites and applications.

As a technology company or security professional, it’s easy to see the attraction of running bug bounty programs. But these programs are not without risk, and timing can be a critical factor. Unless they are managed carefully, bug bounty programs can come with serious consequences for your overall security posture.

Continue reading

What does it take to be a successful bug hunter?

Hackers are having a moment. As high-profile breaches have become the norm over the last few years, more and more enterprise organizations have turned to bug bounty programs. As a result, the idea of hacking for good has finally begun to resonate with the general public. This rise in popularity has inspired many, from aspiring hackers to seasoned security professionals, to join the hunt and seek out bug bounty programs to "hack on".

As an information security professional by trade and a hacker by heart, I’ve had years of experience hacking for good. From my days as a penetration tester and security leadership roles at HP Fortify, Redspin and Citrix to hacking on bug bounty programs of all sizes, I have spent my life hacking for good -- much of this experience has been hacking on bug bounty programs.

Continue reading

© 1998-2018 BetaNews, Inc. All Rights Reserved. Privacy Policy.