One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users. Read More
Digest Article
Topic: Bug Bounties
Digest Article
CSIAC Podcast: Bug Bounty Adoption “Crowdsourced Security”
By paying for the reporting of security flaws, security researchers are incentivized to spend time discovering application vulnerabilities. In just a few years bug bounty programs have evolved from obscurity to being embraced as a best practice. Read More
Podcast
Bug Bounty Adoption “Crowdsourced Security”
In an effort to strengthen the cyber defense and cyber resilience measures within information technology systems, government and industry partners are increasingly turning to ethical hackers and incorporating bug bounty programs, which offer rewards for uncovered vulnerabilities. Bug Bounty Programs are “incentivized, results-focused programs that encourage Read More
Digest Article
Bugcrowd Paid Over $500K in Bug Bounties in One Week
Crowdsourced security company Bugcrowd announced today that it paid over $500K ($513,333) to 237 whitehat hackers in a single week for the first time since launching its bug bounty platform more than seven years ago. Read More
Digest Article
How One Teenager Took Out a Secure Pentagon File Sharing Site
On Oct. 25, Cable, who worked for the Defense Digital Service and was a freshman at Stanford University, reported a problem to the department through the Pentagon's HackerOne vulnerability disclosure page. Read More
Digest Article
Apple Upgrades Bug Bounty Program: Adds Macs, $1M Reward
The device manufacturer in a Thursday Black Hat USA 2019 session said it will open the historically private program to all researchers in the fall. In addition, it plans to drastically boost some rewards for vulnerabilities found in its devices - including a $1 million payout - and adding a much-wanted program for its Mac devices. Read More
Digest Article
The Pentagon’s Bug Bounty Program Should Be Expanded to Bases, DOD Official Says
The Hack the Pentagon bug bounty program that allowed citizens to test the defenses of Defense Department websites could soon see a spinoff inviting hackers to probe the Pentagon’s critical infrastructure. Read More
Digest Article
Air Force Issues Challenge to “Hack the Air Force”
The event expands on the DoD 'Hack the Pentagon' bug bounty program by broadening the participation pool from U.S. citizens to include "white hat" hackers from the United Kingdom, Canada, Australia and New Zealand. Read More
