Items tagged with bug bounty

Qualcomm is opening up a "vulnerability awards program," otherwise known as a bug bounty, in hopes that white hat hackers will root out security flaws in its Snapdragon family of processors, LTE modems, and related technologies, the company announced today. While rewarding security researchers for hunting bugs isn't new, Qualcomm points out that this is the first of its kind by a major silicon vendor. The mobile chipmaker is handing over administration duties to HackerOne with rewards of up to $15,000 per vulnerability up for grabs. Researchers may also find motivation in potential recognition in either the QTQ Product Security or the CodeAuroraForum Hall of Fame, depending on the submission....
A start-up that sells security exploits to government agencies is willing to pay big money for remote hacks on iOS 10, the latest version of Apple's mobile operating system. Specifically, the top award is now an eye-popping $1.5 million, or three times the previous award, for remote hacks that work against up-to-date iPhone and iPad devices running iOS 10. The company is called Zerodium. It bills itself as the premium exploit acquisition platform for high-end zero-days and advanced vulnerability research. Zerodium's only been in business for a year but is well known in tech circles for its controversial business model and open advertising of seeking exploits for specific reward amounts, which...
Even Apple's software isn't immune to security holes and vulnerabilities. An admission of such by Tim Cook and the gang comes in the form of a new bug bounty program Apple announced at the Black Hat conference today in Las Vegas, Nevada. The program kicks off in September and will offer cash rewards for certain exploits. Apple's interested in vulnerabilities that affect iOS, its mobile operating system, as well as any that might be present on its latest hardware devices. This is the first time Apple's offered a public bug bounty program with cash rewards, and those who participate stand to earn up to $200,000 per vulnerability, the max payment amount. At #BlackHat2016, Apple just announced a...
We wrote earlier about the kind of success Google has been seeing with its Android bug bounty program -- success that has led the company to actually increase its rewards. Over the years, we've seen other major companies offer bug bounties as well, such as Facebook and Microsoft, so it's clear that they can provide some real value. Could that value be important enough for the US government to get in on the action? It appears that "yes", it certainly can. In a new report from the Pentagon, the groundwork is laid for future programs that target much more than some front-facing websites, which is all that was involved during the Department of Defense's test period of April 18 - May 12 of this year....
Watch out, bug hunters, the scope of your competition is expanding to include younger hackers. Take Jani, a 10-year-old living in Finland who discovered a vulnerability in Instagram that allowed him to delete anyone's comments. He proved the flaw to Facebook and was awarded a cool $10,000 for his efforts. Jani isn't even old enough to use Instagram, but he didn't let that stop him from participating in Facebook's Bug Bounty program. Melanie Ensign, a security representative at Facebook, told The Washington Post that Jani's methods were completely ethical and void of any ulterior motives. He didn't even violate Instagram's terms of service, as the hack didn't require that he have an account. Had...
If as a child you told your parents you wanted to be a bug hunter when you grow up, they'd probably dismiss the notion before telling you to go wash your hands before supper. But had you stuck with it, you could now show your parents just how lucrative it is to hunt bugs—programming bugs, that is. In fact, you can collect a cool $100,000 for rooting out a specific type of bug in Chromebooks. That's the new top reward for discovering a persistent compromise of a Chromebook in guest mode (i.e. guest to guest persistence with interim reboot, delivered via a web page). Google previously tried to tempt security researchers with a $50,000 top prize, but since introducing the reward, it hasn't received...
To quote the Guinness brothers, rewarding security researchers with frequent flier miles in exchange for rooting out system bugs is "brilliant!" That's what United Airlines is doing, and it's already given out two of its highest awards available -- one million miles -- which is enough to redeem for dozens of domestic flights (or fewer if flying first class). United is the only airline to offer such a program. It was unveiled back in May only weeks before technical woes forced the company to ground its planes on two separate occasions. One was due to an inability to access United's reservations system, and the second incident involved software needed for flight plans. "We believe...
Google is putting up some serious cash in hopes that security researchers and Android dissectors in general will root out security vulnerabilities in exchange for monetary rewards. The expansion of its bug bounty program over to Android represents the first time the mobile operating system has been included, though at the outset it only applies to vulnerabilities discovered on Nexus phones and tablets currently available to purchase in the Google Play Store. That limits the program to the Nexus 6 and Nexus 9, at least for now -- Google says the set of devices that qualify for monetary rewards will change over time. For now, it's just those two, and it's also worth mentioning that vulnerabilities...