vulnerability disclosure
Hacker-powered security is reaching critical mass
HackerOne announced findings from the 2018 Hacker-Powered Security Report, based on over 72,000 resolved security vulnerabilities, 1,000 customer programs and more than $31 …
How to improve software vulnerability disclosure in Europe
As software gets embedded in more and more things we use every day, the problem of software vulnerability reporting and patching rises in importance. Unfortunately, only a few …
Researcher hacks smart fingerprint padlock in mere seconds
The Tapplock one “smart” padlock, which received many rave reviews by tech-focused news sites and YouTubers, can be forced to open in under two seconds with a …
Crowdsourced security trends: Payouts to hackers increase
Bugcrowd has released the 2018 Bugcrowd State of Bug Bounty Report, which analyzes proprietary platform data collected from more than 700 crowdsourced security programs …
The pace of vulnerability disclosure shows no signs of slowing
Unless the pace of vulnerability disclosure slows down in the coming quarters, we are looking at yet another record-breaking year, according to Risk Based Security’s …
Hacking for fun and profit: How one researcher is making IoT device makers take security seriously
We should all be so lucky to enjoy our work as much as Ken Munro does. Generally attracted by research that “looks fun” and particularly interested in probing the …
Netflix, Dropbox promise not to sue security researchers, with caveats
Netflix and Dropbox have both noted recently that they won’t sue security researchers who find and disclose vulnerabilities in their products. The only caveat is: the …
AMD confirms processor flaws found by CTS Labs, firmware fixes are coming
Chipmaker AMD has confirmed that the vulnerabilities discovered by CTS Labs researchers earlier this month do affect a variety of its products, and that firmware patches …
Keeping on top of ICS-focused hacking groups, defenses
How many hacking groups are focusing on ICS systems? Dragos security researchers say at least five were active in 2017. “While only one has demonstrated an apparent …
Still relying solely on CVE and NVD for vulnerability tracking? Bad idea
2017 broke the previous all-time record for the highest number of reported vulnerabilities. The 20,832 vulnerabilities cataloged during 2017 by Risk Based Security (VulnDB) …
A five-year analysis of reported Windows vulnerabilities
Based on analysis of all disclosed Microsoft vulnerabilities in 2017, a new Avecto report shows a significant rise in the number of reported vulnerabilities. Last year, 685 …
Google wants bug hunters to probe popular Android apps for bugs
Google has started another bug bounty initiative: the Google Play Security Reward Program. While the name of the program might suggest that bug hunters will be after …
Featured news
Resources
Don't miss
- Portmaster: Open-source application firewall
- Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572)
- How a noisy ransomware intrusion exposed a long-term espionage foothold
- Creative cybersecurity strategies for resource-constrained institutions
- Product showcase: UserLock IAM for Active Directory