Search results for: bug bounties

Twitter launches bug bounty program

With a simple tweet, Twitter has officially launched its own bug bounty program. Set up through the security response and bug bounty platform HackerOne, the program offers a minimum of $140 per threat. The maximum reward amount has not been defined. The company is currently asking bug hunters to submit reports about bugs on its domain and subdomains (,,, and and its iOS and Android apps. “Any design or implementation issue … More

4chan launches bug bounty program

In the wake of the recent data breach that spelled the end of art products Canvas and DrawQuest, 4chan founder and owner Chris “moot” Poole has announced that they will be launching the 4chan Vulnerability Disclosure Program. After having described the various mistakes that allowed the intruder to obtain and leak information about 4chan users, as well as moderator names and IP addresses, Poole added that they have patched the vulnerability that made the attack … More

Record year for Facebook bug hunters

With nearly 15,000 submissions – 687 of which were valid and eligible for awards – 2013 has been a record year for Facebook’s bug bounty program. Add to this the fact that the company paid out $1.5M to 330 researchers across the globe, you can say that this has been a good year for everyone involved. “The average reward in 2013 was $2,204, and most bugs were discovered in non-core properties, such as websites operated … More

Full Disclosure mailing list closure elicits mixed reactions

The Full Disclosure mailing list has long been the perfect place for security researchers to disclose and discuss newly found vulnerabilities. But John Cartwright, one of its creators, has pulled the plug on the list today. “When Len [Rose] and I created the Full Disclosure list way back in July 2002, we knew that we’d have our fair share of legal troubles along the way. We were right. To date we’ve had all sorts of … More

GitHub sets up bug bounty program

GitHub is the latest service to announce that they have started a security bug bounty program. “The idea is simple: hackers and security researchers find and report vulnerabilities through our responsible disclosure process. Then, to recognize the significant effort that these researchers often put forth when hunting down bugs, we reward them with some cold hard cash,” they stated in a blog post on Thursday. Rewards will range from $100 up to $5000, and the … More

Google broadens Patch Rewards Program

Google has announced the expansion of its recently unveiled Patch Reward Program, which urges security researchers to submit patches for third-party open source software critical to the health of the entire Internet. Initially the program included core infrastructure network services such as OpenSSH, BIND, ISC DHCP; image parsers such as libjpeg, libjpeg-turbo, libpng, giflib; open source foundations of Google Chrome (Chromium, Blink); high-impact libraries such as OpenSSL and zlib, and security-critical components of the Linux … More

Week in review: TrueCrypt’s public security audit, new MS 0-day exploited, new bug bounty programs

Here’s an overview of some of last week’s most interesting news, videos, reviews and articles: ENISA issues recommendations for securing data using cryptography ENISA, the European Union’s “cyber security” Agency, launched a report recommending that all authorities should better promote cryptographic measure to safeguard personal data. The report addresses ways to protect sensitive and/or personal data that has been acquired legitimately. US agency employees let invented woman expert into the network Once again, and more … More

Microsoft and Facebook start Internet-wide bug bounty program

Dubbed The Internet Bug Bounty, it is sponsored by the two Internet giants and is aimed at anyone who discovers vulnerabilities in a series of open source programming languages, web apps, software, app frameworks, HTTP servers, as well as the OpenSSL implementation, Chrome, IE, Adobe Reader and Flash sandboxes, and the “Internet” in general. To participate, the hackers / submitters will have to create an account that will require them to enter a name (or … More

Microsoft widens pool of submitters to its bug bounty programs

Microsoft might have been a late starter when it comes to bug bounties, but they are continually making changes aimed at making its bug bounty program as accessible, as rewarding, and as successful it can be. The latest change makes it possible for more people, such as forensic experts and responders, to submit new mitigation bypass techniques and defensive ideas. “We are going from accepting entries from only a handful of individuals capable of inventing … More

Week in review: Dangerous vBulletin exploit in the wild, Blackhole exploit kit creator arrested

Here’s an overview of some of last week’s most interesting news, videos, interviews and articles: How to establish trust in the cloud In order to enforce corporate security policies in the cloud, IT needs to know (1) who is accessing and sharing (2) what documents (3) in which cloud storage service, and (4) that the cloud provider cannot override policies established by the business or access the data itself. Vulnerable and aggressive adware threatening millions … More

Google offers rewards for code improvements to open source programs

Google has announced that they plan to reward researchers who aim to “improve the security of key third-party software critical to the health of the entire Internet” with “down-to-earth, proactive improvements that go beyond merely fixing a known security bug.” The open source projects for whose patches researchers can get rewarded are currently core infrastructure network services such as OpenSSH, BIND, ISC DHCP; image parsers such as libjpeg, libjpeg-turbo, libpng, giflib; open source foundations of … More

Microsoft hands out $128k in bug bounties

As the date of the release of the final version of Internet Explorer 11 for Windows 8 and RT draws near, Microsoft has announced that it has paid out over $28,000 to six researchers who have successfully participated in the month-long bug bounty program for IE 11. Launched on June 26 and set to last until July 26, the aim of the program was to receive information about vulnerabilities while the new version of the … More