Search results for: bug bounties


Microsoft offers rewards for Windows bugs

Microsoft is asking researchers to look for bugs inside the latest Windows 10 version (Insider Preview slow ring). Remote code execution bugs can net finders up to $15,000, elevation of privilege flaws up to $10,000, and information disclosure, remote DoS, and spoofing bugs up to $5,000. As always, high-quality reports with proofs of concept will result in bigger payouts. Vulnerabilities in Windows Journal, Windows Store, Windows Apps, Flash, firmware, third-party drivers, or third-party … More


Organizations award hackers up to $900,000 a year in bug bounties

A new HackerOne report examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded. With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security conscious organizations are working with hackers to … More


Crowdsourced security testing and bug bounties

In the past few years, the bug bounty economy has been growing steadily, with more organizations getting on board every day. In this podcast, Ilia Kolochenko, CEO at High-Tech Bridge, talks about crowdsourced security testing and bug bounties. Here’s a transcript of the podcast for your convenience. Hello, my name is Ilia Kolochenko, I’m CEO and founder of High-Tech Bridge. I would probably say that bug bounties are a very interesting concept that first of … More


Microsoft extends the Microsoft Edge Bounty Program

Initially time-bound, the Microsoft Edge Bounty Program has now been turned into one that will run indefinitely, Microsoft has announced. The past and present of the Microsoft Edge Bounty Program “Since 2013, we have launched three browser bounties to uncover specific vulnerabilities. As security is a continuous effort and not a destination, we prioritize identifying different types of vulnerabilities in different points of time,” says Akila Srinivasan, a program manager with the Microsoft Security Response … More


Application security trends: What you need to know

Today at Infosecurity Europe 2017, High-Tech Bridge released a summary report on application security trends for Q1 – Q2 2017. Statistical data mentioned in the report largely comes from the ImmuniWeb application security testing platform and High-Tech Bridge’s free web security services, but also leverages a wealth of data from various open sources. The most interesting and important trends are outlined below. Bug Bounty fatigue trend is one that will continue The Bug Bounty fatigue … More


WordPress announces bug bounty program

WordPress Foundation is the latest organization to publicly announce a bug bounty program set up on the HackerOne platform. What’s in scope of the WordPress bug bounty program? Bounties will be offered to security researchers who flag bugs in: WordPress (content management system), BuddyPress (social networking plugin suite), bbPress (forum software), GlotPress (collaborative translation tool), WP-CLI (command line interface for WordPress), … In general, all * are in scope. … More

Week in review: Apache servers under attack, machine learning in infosec

Here’s an overview of some of last week’s most interesting news, podcasts and articles: The six stages of a cyber attack lifecycle High-impact cyber incidents can be avoided if you detect and respond quickly with end-to-end threat management processes. StoneDrill: New wiper targets Middle East, shows interest in Europe Just like another infamous wiper, Shamoon, it destroys everything on the infected computer. Google, Microsoft increase bug bounties Bug hunters, rejoice: both Google and Microsoft have … More


Google, Microsoft increase bug bounties

Bug hunters, rejoice: both Google and Microsoft have announced a considerable increase of the amount they will pay out for information about bugs in their products. Google ups bug bounties for most severe bugs Google has upped the rewards for “Remote Code Execution” and “Unrestricted file system or database access” to $31,337 (from $20,000) and $13,337 (from $10,000), respectively. The “Remote Code Execution” category includes command injection flaws, deserialization bugs, sandbox escapes, and more, while … More


Qualys and Bugcrowd bring automation, crowdsourcing to web app security

At RSA Conference 2017, Qualys and Bugcrowd announced jointly developed integrations that allow shared customers to exchange vulnerability data between automated web application scanning and crowdsourced bug bounty programs. Many organizations have shifted their security strategies to a proactive approach that combines automation with human expertise to discover vulnerabilities. To reduce the escalating cost and effort of running multiple tools or programs, this integration between Bugcrowd Crowdcontrol and the Qualys Cloud Platform brings together … More


Millions of job seekers’ info exposed via easily accessible database backups

A data leak has exposed sensitive information about millions of job seekers who used the global recruitment firm Michael Page. Once again, the leak was brought to the affected company’s attention through Troy Hunt, the creator and administrator of the Have I Been Pwned (HIBP) online service. “It was the same individual who located the Red Cross data and the same story in terms of discovery, an underlying risk on the server end; publicly exposed website, … More


Yelp makes its bug bounty program public

After two years of keeping their bug bounty program private and relatively secret, Yelp is opening it up and has invited bug hunters to probe its sites, apps, and infrastructure. “Our vulnerability reward payouts will go up to $15,000 USD for the most impactful exploits. If we accept your report, our minimum bounty is $100,” the company says. Apparently, they have already paid bug bounties to dozens of bug hunters, who throughout the years helped … More


Kaspersky Lab launches public bug bounty program

Kaspersky Lab is asking researchers to look under the hood of two of its flagship security solutions and to report any bugs they might find. Kaspersky’s bug bounty program, which was in private beta for months, will now be opened to all outside researchers for a period of six months. The move was announced at Black Hat USA 2016. Researchers are invited to look for security issues only in “Kaspersky Internet Security 2017 and … More