Items tagged with bug bounty

In the past nine years, Google has awarded over $5 million in bug bounties to security researchers who have found and disclosed security holes in the company's Chrome browser. That is a drop in the bucket for a company like Google, but an enormous sum in its own right. Going forward, bug hunters can expect even bigger payouts. Google is bumping up the reward amounts associated with its bug bounty program for Chrome. These are not minor increases, either—Google is tripling the maximum baseline reward amount from $5,000 to $15,000, and doubling the maximum reward amount for high quality reports from $15,000 to $30,000. In addition, it is doubling the bonus for bugs found by fuzzers running... Read more...
Bug Bounty programs are very common today with most of the big tech firms hosting them. The goal is to get hackers to report any bugs they find for a payday rather than turning to the black market to sell their hacks. HP has announced a new Bug Bounty program to lure researchers in to hack its printer software. The program offers up to $10,000 to hackers who can find these vulnerabilities. HP opened its Bug Bounty program in May and had 34 security researchers signed up at the start. One of those researchers was already paid out $10,000 for what was identified as a serious flaw with HP's printers. HP has a wealth of products outside of printers, but says that it chose the printer arm for... Read more...
Forget about 'Netflix and chill', how about 'Netflix and make some money!'? Sure, the latter isn't likely to trend as a popular catchphrase, and it's not a euphemism for cuddling on the couch (or bed) and getting intimate. However, it is a possibility now that Netflix is opening up its bug bounty program to the public. Rewards for uncovering vulnerabilities vary by the severity, with the highest payout so far being $15,000. The bug bounty program is not new—Netflix has been paying select researchers to uncover security issues since September 2016. Prior to that, Netflix had in place a vulnerability disclosure program dating back to 2013 that allowed researchers to report bugs to the company,... Read more...
With critical vulnerabilities like Meltdown and Spectre having been disclosed to the public, it's clearer than ever that more eyeballs are needed when it comes to making sure that our software and hardware is secure. Not long after Intel suffered the bulk of fallout from Meltdown and Spectre, the company bolstered its bug bounty program to encourage more people to dive in and discover bugs before they can be exploited. Intel made great strides to improve the program overall by cutting out the invite-only requirement, allowing anyone to find, explore and report potential bugs. Clearly, Microsoft liked that idea, as it has also enhanced its bug bounty program to offer the same top quarter... Read more...
Intel has been operating its Bug Bounty Program for nearly a year now, with the program originally launching back in March 2017. Initially, the only way that hackers or security researchers could participate was to receive an invite from Intel. Without that invite, you could find all the bugs you wanted, but Intel wouldn't pay you for them. Intel this week announced that it has made changes to that program and one of the biggest is that anyone can now get paid for finding bugs if they follow the program rules. Those rules revolve around using coordinated disclosure practices. What that really means is that Intel must know about the flaw and be given time to address the flaw before any public... Read more...
Google has been paying out some significant money to get security researchers and hackers to tear apart its Chrome browser and Chrome OS. In March of 2015, Google offered up $100,000 for anyone who could find an exploit chain that would allow for a persistent compromise of a Chromebox or Chromebook using guest mode via a webpage. That $100,000 offer was an increase from the original $50,000 bounty. That bounty went unclaimed for many months until a researcher that uses the moniker Gzob Qq notified Google on September 18 that he had identified a set of vulnerabilities in Chrome OS. The hacker was able to identify a series of vulnerabilities that could lead to persistent code execution on Chromebooks... Read more...
There is good money to be earned from being a software exterminator. Several companies have so-called bug bounty programs in place in which they pay out rewards for rooting out certain software flaws and vulnerabilities. DJI, a major player in consumer and professional drones and aerial imaging technology, is the latest to join the fray. Through its Threat Identification Reward Program, researchers can earn up to five figures per bug. "Security researchers, academic scholars and independent experts often provide a valuable service by analyzing the code in DJI’s apps and other software products and bringing concerns to public attention," said DJI Director of Technical Standards Walter Stockwell.... Read more...
Barring an unexpected change in strategy, Windows 10 is and will remain the last monolithic release of Windows. With that being the case, it is in Microsoft's best interest—as well as its customers'—to ensure that it remains the most secure release. To help with that, Microsoft is upping the ante for bug hunters—certain exploits brought to Microsoft's attention are now worth as much as a quarter of a million dollars. Imagine finding a bug in Windows 10, reporting it to Microsoft, and then being paid $250,000 for your discovery. That is now a possibility with Microsoft making Windows 10 a permanent part of its bug bounty program and increasing monetary rewards. Previously only Windows Insiders were... Read more...
Many technology companies have in place bug bounty programs that reward security researchers who submit discovered vulnerabilities in the products and services they offer. It is a win-win proposition in which technology companies are alerted to potentially crippling security holes, and hackers are compensated for their efforts. Apple is among the companies with a bug bounty program, though some researchers are choosing to hold onto discovered vulnerabilities, or worse yet, sell them on the underground market. Apple is relatively new to the bug bounty scene. Ivan Krstic, head of Apple's security division, surprised attendees at last year's Black Hat conference by announcing the program, which... Read more...
Nintendo is not a fan of the modder movement, at least not as it pertains to game consoles. The company has an entire section on its website explaining why it feels using ROMs is illegal and immoral, even if you already own a copy of the game. Nintendo's feelings on the matter aside, modders continue to hack game consoles so they can load up freely available ROMs from the Internet, and this has created a cat-and-mouse game between them and Nintendo. It happened with the Wii U and 3DS, and it will happen again with the Switch. In an effort to make modding more difficult (and its systems more secure), Nintendo launched a bug bounty program with HackerOne, a third-party service that pays out money... Read more...
Microsoft is rolling out another perk to subscribers of its Office Insider program. In addition to testing out new builds and having access to features that have not yet been released to the public, Microsoft is launching a bug bounty program for Office Insiders. Through the bug bounty program, Office Insiders can score anywhere from $500 all the way up to $15,000 for discovering vulnerabilities. "The Microsoft Cloud and Online Services Bounty Program has helped us identify elusive vulnerabilities and provided a way to reward the individuals actively partnering with us to protect our customers. We want to continue incentivizing research around design and logic and reward deeper thought in important... Read more...
Qualcomm is opening up a "vulnerability awards program," otherwise known as a bug bounty, in hopes that white hat hackers will root out security flaws in its Snapdragon family of processors, LTE modems, and related technologies, the company announced today. While rewarding security researchers for hunting bugs isn't new, Qualcomm points out that this is the first of its kind by a major silicon vendor. The mobile chipmaker is handing over administration duties to HackerOne with rewards of up to $15,000 per vulnerability up for grabs. Researchers may also find motivation by potential recognition in either the QTQ Product Security or the CodeAuroraForum Hall of Fame, depending on the submission.... Read more...
A start-up that sells security exploits to government agencies is willing to pay big money for remote hacks on iOS 10, the latest version of Apple's mobile operating system. Specifically, the top award is now an eye-popping $1.5 million, or three times the previous award, for remote hacks that work against up-to-date iPhone and iPad devices running iOS 10. The company is called Zerodium. It bills itself as the premium exploit acquisition platform for high-end zero-days and advanced vulnerability research. Zerodium's only been in business for a year but is well known in tech circles for its controversial business model and open advertising of seeking exploits for specific reward amounts, which... Read more...
Even Apple's software isn't immune to security holes and vulnerabilities. An admission of such by Tim Cook and the gang comes in the form of a new bug bounty program Apple announced at the Black Hat conference today in Las Vegas, Nevada. The program kicks off in September and will offer cash rewards for certain exploits. Apple's interested in vulnerabilities that affect iOS, its mobile operating system, as well as any that might be present on its latest hardware devices. This is the first time Apple's offered a public bug bounty program with cash rewards, and those who participate stand to earn up to $200,000 per vulnerability, the max payment amount. At #BlackHat2016, Apple just announced a... Read more...