Search results for: bug bounties


Kubernetes bug bounty program open to anyone, rewards up to $10,000

The Cloud Native Computing Foundation is inviting bug hunters to search for and report vulnerabilities affecting Kubernetes. Offered bug bounties range between $100 to $10,000. What is Kubernetes? Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It was designed by Google but has been open sourced and handed over to the Cloud Native Computing Foundation to continue its maintenance and has become a community project. The Kubernetes bug bounty program … More


Google ups bug bounties for Android flaws, exploits

Google has expanded the Android Security Rewards (ASR) program and increased the bug bounties it’s willing to award for certain kinds of exploits. About the Android Security Rewards Program ASR covers security vulnerabilities discovered in the latest available Android versions for Pixel phones and tablets, which are currently Pixel 4, Pixel 3a and Pixel 3a XL, and Pixel 3 and Pixel 3 XL. “Eligible bugs include those in AOSP code, OEM code (libraries and drivers), … More


GitHub Security Lab aims to make open source software more secure

GitHub, the world’s largest open source code repository and leading software development platform, has launched GitHub Security Lab. “Our team will lead by example, dedicating full-time resources to finding and reporting vulnerabilities in critical open source projects,” said Jamie Cool, VP of Product Management, Security at GitHub. GitHub Security Lab GitHub Security Lab is a program aimed at researchers, maintainers, and companies that want to contribute to the overall security of open source software. Current … More


Disclosing vulnerabilities to improve software security is good for everyone

Today, software companies and security researchers are near universal in their belief that disclosing vulnerabilities to improve software security is good for everyone, according to a Veracode report. 451 Research conducted survey from December 2018 to January 2019 using a representative sample of 1,000 respondents across a range of industries and organization sizes in the US, Germany, France, Italy and the UK. Survey respondents reported enterprise roles such as application development, infrastructure and information security, … More

HackerOne raises $36.4M to expand global market reach

HackerOne, the leading hacker-powered pentest and bug bounty platform, announced $36.4M in Series D financing, bringing the company’s total funding amount to over $110M to-date. This new round of funding occurs against the backdrop of international acknowledgment for the power of hackers. Legislators and thought leaders in cybersecurity are making the point that actionable insights from hackers are useful for everyone. The financing round includes participation from existing investors, including Benchmark, New Enterprise Associates, Dragoneer … More

HackerOne concludes its bug bounty challenge with the National University of Singapore

HackerOne, the number one hacker-powered pentesting and bug bounty platform, announced the successful conclusion of its bug bounty challenge with the National University of Singapore (NUS). NUS is the first university in Singapore to actively incentivize its own students to hone their hacking skills through a bug bounty challenge. A bug bounty challenge is used by organizations to incentivize ethical hackers to look for software vulnerabilities in exchange for a monetary rewards or ‘bounties’ in … More

HackerOne h1-702

Hackers earn nearly $2 million in bounties during HackerOne’s live hacking event

HackerOne, a hacker-powered pentesting and bug bounty platform, announced hackers earned more than $1.9 million in bounties during Las Vegas live hacking event, dubbed h1-702. Hackers found and reported 1,000 security flaws for participating companies. Amidst Black Hat USA and DEF CON security conferences in Las Vegas, 100 hackers and 75 hackers-in-training from around the world gathered for three days to search for vulnerabilities in organizations including Verizon Media and GitHub, among others. At the … More

Google Play

Google will pay for data abuse reports related to popular Android apps, Chrome extensions

Google is expanding the Google Play Security Reward Program (GPSRP) to include all apps in Google Play with 100 million or more installs, and is launching a new Developer Data Protection Reward Program (DDPRP) and asking for information about data abuse issues in Android apps, OAuth projects, and Chrome extensions. “The [DDPRP] program aims to reward anyone who can provide verifiably and unambiguous evidence of data abuse, in a similar model as Google’s other vulnerability … More

VLC users urged to implement latest security update

VLC, the popular cross-platform media player, has reached version 3.0.8, which fixes over a dozen security vulnerabilities, some of which could be exploited by attackers to achieve code execution on victims’ machines. About VLC VLC is an extremely popular piece of software that started as an academic project. It’s free and open-source and is available for Windows, macOS, Linux, Android, Chrome OS, iOS, Apple TV, and Windows Phone. It is currently maintained by the VideoLAN … More


Apple expands bug bounty program, opens it to all researchers, raises rewards

Three years ago at the Black Hat conference, Apple announced its first bug bounty program, which was invite-only and limited to iOS. At this year’s edition of the con, Ivan Krstić, Apple’s head of security engineering and architecture, announced changes to it. Wider scope, higher bug bounties Starting this fall, the program will be open to all researchers. Apple Bug Bounty. — mikeb (@mikebdotorg) August 8, 2019 The bug bounty program has been widened … More


Google increases bounties for Chrome, Google Play bugs

Bug hunters searching for security flaws in Google’s offerings are now vying for higher bounties. Microsoft has launched a new bug bounty program. Google’s changes Since 2010, when Google started the Chrome Vulnerability Reward Program to reward security researchers who invest their time and effort to discover bugs in Chrome and Chrome OS, the company has raised the offered bounty amounts a number of times. Nine years ago, the rewards ranged from $500 to $1337 … More

HackerOne and Singapore Government tapping the skilled hacker community to approach security testing

HackerOne, the leading hacker-powered security platform, announced it will partner with the Government Technology Agency of Singapore (GovTech) and the Cyber Security Agency of Singapore (CSA), to work with hackers from all over the world to further protect Singapore citizens by testing public-facing government systems. This is HackerOne’s third bug bounty initiative with the Singapore Government, following successful prior programs with GovTech and MINDEF Singapore. The bug bounty initiative will invite a select group of … More