Ethical hackers now have many more targets within the Defense Department, DOD officials announced. The department is expanding its Vulnerability Disclosure Program to include all publicly accessible DOD information systems.
Topic: Bug Bounties
DARPA today announced that its first bug bounty program, Finding Exploits to Thwart Tampering (FETT), has opened its virtual doors to a community of ethical hackers and cybersecurity researchers to uncover potential weaknesses within novel secure processors in development on the System Security Integration Through Hardware and Firmware (SSITH) program. DARPA
Apple has awarded a bug bounty hunter $100,000 for finding and reporting a severe security issue that could lead to the takeover of third-party user accounts.
One misstep from developers at Starbucks exposed an API key that an attacker could use to access internal systems and manipulate the list of authorized users.
Paying for reports of security flaws gives security researchers an incentive to spend time discovering application vulnerabilities. In just a few years, bug bounty programs have evolved from obscurity to being embraced as a best practice.
In an effort to strengthen the cyber defense and cyber resilience measures within information technology systems, government and industry partners are increasingly turning to ethical hackers and incorporating bug bounty programs, which offer rewards for uncovered vulnerabilities. Bug Bounty Programs are “incentivized, results-focused programs that encourage
Crowdsourced security company Bugcrowd announced today that it paid over $500K ($513,333) to 237 whitehat hackers in a single week for the first time since launching its bug bounty platform more than seven years ago.
On Oct. 25, Cable, who worked for the Defense Digital Service and was a freshman at Stanford University, reported a problem to the department through the Pentagon's HackerOne vulnerability disclosure page.
The device manufacturer said in a Thursday Black Hat USA 2019 session that it will open the historically private program to all researchers in the fall. In addition, it plans to drastically boost some rewards for vulnerabilities found in its devices, including a $1 million payout, and to add a much-wanted program for its Mac devices.
The Hack the Pentagon bug bounty program that allowed citizens to test the defenses of Defense Department websites could soon see a spinoff inviting hackers to probe the Pentagon’s critical infrastructure.