Search results for: bug bounties


The pace of vulnerability disclosure shows no signs of slowing

Unless the pace of vulnerability disclosure slows down in the coming quarters, we are looking at yet another record-breaking year, according to Risk Based Security’s 2018 Q1 Vulnerability QuickView Report. Note that bug bounties are a subset of the ‘Coordinated Disclosures’ total. Key findings: 5,375 unique vulnerabilities were reported. This is just a 1.8% increase over the same period in 2017. Note that this number will continue to rise throughout 2018. 1,790 (33.3%) of the … More


How many threats hit the mainframe? No one really knows

Mainframes are the definition of mission-critical for countless businesses. Mainframes can run 1.1 million transactions per second and are at the core of the technology strategies within the worldwide financial markets. In 2017, IBM launched a new mainframe capable of running 12 billion encrypted transactions a day. Why, despite the fact that businesses can’t afford a costly breach, is mainframe security still not getting enough attention? Like any other system, mainframes are subject to ransomware … More

Intel offers to pay for Spectre-like side channel vulnerabilities

Intel is expanding the bug bounty program it started last March, and is considerably raising the awards it plans to give out for helpful vulnerability information. Where information about critical vulnerabilities in Intel software, firmware and hardware could have previously been rewarded with up to $7,500, $10,000 and $30,000, respectively, now the bounties in those same categories go up to $10,000, $30,000 and $100,000. A new bug bounty program for side channel vulnerabilities: The company … More


Is ethical hacking more lucrative than software engineering?

HackerOne published its 2018 Hacker Report, which examines the geography, demographics, experience, tools used and motivations of nearly 2,000 bug bounty hackers across 100 countries. HackerOne found that on average, top earning ethical hackers make up to 2.7 times the median salary of a software engineer in their respective home countries. Also, hackers in India are making as much as 16 times the median. And yet, the new data finds that overall hackers are less … More


What motivates bug hunters?

Crowdsourced security penetration testing outfit Bugcrowd has released its second annual “Mind of a Hacker” report, to provide insight into bug hunters’ motivations and preferences, and help companies tailor their bug bounty initiatives so they can lead to better results for everyone. The most interesting insights gleaned from the answers of the 500 or so bug hunters who participated in the survey are as follows: They come from all over the world (216 countries), but … More


The Internet Bug Bounty offers rewards for bugs in data processing libraries

The Internet Bug Bounty (IBB), a project aimed at finding and fixing vulnerabilities in core internet infrastructure and free open source software, has announced that it will be giving out rewards for critical vulnerabilities in core infrastructure data processing libraries. The software packages in scope are: Libav, LIBcap, ImageMagick, LIBPNG, GraphicsMagick, libcurl, tcpdump. For the moment, bug bounties will be given out only for reports that flag “vulnerabilities that demonstrate unambiguous remote code execution,” the … More

Samsung offers up to $200,000 for bugs in its devices, services

South Korean giant Samsung Electronics is now offering bounties for reported bugs in its mobile devices, software and services. “The rewards program kicked off with a pilot in January 2016 to ensure an efficient and productive public introduction to the broader security community,” the company explained. “Samsung’s Mobile Security Rewards program is the latest initiative to demonstrate the company’s steadfast commitment to enabling secure experiences for all its customers.” What’s in scope? Researchers are instructed … More

Microsoft offers rewards for Windows bugs

Microsoft is asking researchers to look for bugs inside the latest Windows 10 version (Insider Preview slow ring). Remote code execution bugs can net finders up to $15,000, elevation of privilege flaws up to $10,000, and information disclosure, remote DoS, and spoofing bugs up to $5,000. As always, high-quality reports with Proof of Concepts will result in bigger payouts. Vulnerabilities in Windows Journal, Windows Store, Windows Apps, Flash, firmware, third party drivers, or third party … More


Organizations award hackers up to $900,000 a year in bug bounties

A new HackerOne report examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded. With data breaches averaging $4 million in losses globally and the downtime caused by attacks like WannaCry costing upwards of $8 billion, the most security conscious organizations are working with hackers to … More


Crowdsourced security testing and bug bounties

In the past few years, the bug bounty economy has been growing steadily, with more organizations getting on board every day. In this podcast, Ilia Kolochenko, CEO at High-Tech Bridge, talks about crowdsourced security testing and bug bounties. Here’s a transcript of the podcast for your convenience. Hello, my name is Ilia Kolochenko, I’m CEO and founder of High-Tech Bridge. I would probably say that bug bounties is a very interesting concept that first of … More

Microsoft extends the Microsoft Edge Bounty Program

Initially time-bound, the Microsoft Edge Bounty Program has now been turned into one that will run indefinitely, Microsoft has announced. The past and present of the Microsoft Edge Bounty Program: “Since 2013, we have launched three browser bounties to uncover specific vulnerabilities. As security is a continuous effort and not a destination, we prioritize identifying different types of vulnerabilities in different points of time,” says Akila Srinivasan, a program manager with the Microsoft Security Response … More

Application security trends: What you need to know

Today at Infosecurity Europe 2017, High-Tech Bridge released a summary report on application security trends for Q1 – Q2 2017. Statistical data mentioned in the report largely comes from the ImmuniWeb application security testing platform and High-Tech Bridge’s free web security services, but also leverages a wealth of data from various open sources. The most interesting and important trends are outlined below. Bug Bounty fatigue trend is one that will continue: The Bug Bounty fatigue … More