Ethical hackers now have many more targets within the Defense Department, DOD officials announced. The department is expanding its Vulnerability Disclosure Program to include all publicly accessible DOD information systems. Read More
Digest Article
Topic: Bug Bounties
Digest Article
DARPA FETT Bug Bounty Goes Live
DARPA today announced that its first bug bounty program-Finding Exploits to Thwart Tampering (FETT)-has opened its virtual doors to a community of ethical hackers and cybersecurity researchers to uncover potential weaknesses within novel secure processors in development on the System Security Integration Through Hardware and Firmware (SSITH) program. DARPA Read More
Digest Article
Researcher lands $100,000 reward for ‘Sign in with Apple’ authentication bypass bug
Apple has awarded a bug bounty hunter $100,000 for finding and reporting a severe security issue that could lead to the takeover of third-party user accounts. Read More
Digest Article
Starbucks Devs Leave API Key in GitHub Public Repo
One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users. Read More
Digest Article
CSIAC Podcast: Bug Bounty Adoption “Crowdsourced Security”
By paying for the reporting of security flaws, security researchers are incentivized to spend time discovering application vulnerabilities. In just a few years bug bounty programs have evolved from obscurity to being embraced as a best practice. Read More
Podcast
Bug Bounty Adoption “Crowdsourced Security”
In an effort to strengthen the cyber defense and cyber resilience measures within information technology systems, government and industry partners are increasingly turning to ethical hackers and incorporating bug bounty programs, which offer rewards for uncovered vulnerabilities. Bug Bounty Programs are “incentivized, results-focused programs that encourage Read More
Digest Article
Bugcrowd Paid Over $500K in Bug Bounties in One Week
Crowdsourced security company Bugcrowd announced today that it paid over $500K ($513,333) to 237 whitehat hackers in a single week for the first time since launching its bug bounty platform more than seven years ago. Read More
Digest Article
How One Teenager Took Out a Secure Pentagon File Sharing Site
On Oct. 25, Cable, who worked for the Defense Digital Service and was a freshman at Stanford University, reported a problem to the department through the Pentagon's HackerOne vulnerability disclosure page. Read More
Digest Article
Apple Upgrades Bug Bounty Program: Adds Macs, $1M Reward
The device manufacturer in a Thursday Black Hat USA 2019 session said it will open the historically private program to all researchers in the fall. In addition, it plans to drastically boost some rewards for vulnerabilities found in its devices - including a $1 million payout - and adding a much-wanted program for its Mac devices. Read More
Digest Article
The Pentagon’s Bug Bounty Program Should Be Expanded to Bases, DOD Official Says
The Hack the Pentagon bug bounty program that allowed citizens to test the defenses of Defense Department websites could soon see a spinoff inviting hackers to probe the Pentagon’s critical infrastructure. Read More
