Bug Bounties

Debugging binary code with bug inside magnifying glass

Growth capital of $50M obtained by Bugcrowd

SC StaffNovember 4, 2024

"Our mission is to help organizations regain control of cyber risks by harnessing the collective ingenuity of the hacker community to outsmart adversaries. This capital provides the resources needed to strengthen our position as the leader of the crowdsourced security market," said Bugcrowd CEO Dave Gerry.

Vulnerability Management

Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting – Grant McCracken – ASW #306

November 4, 2024

After spending a decade working for appsec vendors, Grant McKracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real appsec needs, but not a lot of means to pay for it. He founded DarkHorse, who offers VDPs and bug bounties to organizations of all sizes for free, or for...

AI/ML

Apple publishes its 1st-ever Virtual Research Environment for Private Cloud Compute

Laura FrenchOctober 25, 2024

Bug bounties of up to $1 million are available for researchers who find flaws in the platform.

Vulnerability Management

Discovering a common Salesforce mistake launched this security professional’s career – Aaron Costello – ESW #379

October 9, 2024

Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration. There's a lot of conversati...

Bug Bounties

How integrated pentesting and bug bounty programs give security teams an edge

Josh Jacobson September 20, 2024

An integrated approach to pentesting and bug bounty programs promises to find vulnerabilities that would otherwise get missed.

Bug Bounties

Google beefs up Chrome bug bounty program

SC StaffAugust 29, 2024

Higher rewards of up to $250,000 will be given by Google for the discovery of memory corruption flaws in the Chrome browser shown to achieve remote code execution using a non-sandboxed process as part of a more robust vulnerability reward program.

An Android statue is displayed in front of a building on the Google campus on January 31, 2022 in Mountain View, California. (Photo by Justin Sullivan/Getty Images)

Bug Bounties

Google Play bug bounty program shutdown imminent

SC StaffAugust 22, 2024

While additional submissions would no longer be accepted by Aug. 31, Google noted that triaging of reports provided before then will be completed by Sept. 15, with rewards to be decided upon before the end of September.

Vulnerability Management

Vulnerability Chains – PSW #835

July 17, 2024

Find new flaws in UEFI using STASE, combining vulnerabilities to exploit Sonicwall Devices, remote BMC exploits, Netgear patches, and not a lot of information, 22 minutes before exploited, if the secrets were lost, we'd all be in screwed, Exim has not been replaced by something better and its vulnerable, CISA's red team reports, and attackers use d...