Bug Bounty

Software Security

Issued by: Security Week

European bug bounty and vulnerability disclosure policy platform YesWeHack this week announced the closing of a €16 million ($18.8 million) round of venture capital financing. The Series B funding round included investments from Banque des Territoires and Eiffel Investment Group, as well as existing investors Normandie Participations and CNP Assurances. Founded in 2015, the YesWeHack platform…

Vulnerabilities

Issued by: Help Net Security

HP has expanded its Bug Bounty Program to focus specifically on office-class print cartridge security vulnerabilities. The program underscores HP’s commitment to delivering defense- in-depth across all aspects of printing—including supply chain, cartridge chip, cartridge packaging, firmware and printer hardware. HP Bug Bounty Program As part of this program, HP has engaged with Bugcrowd to…

Application Security

Issued by: Security Week

Uber Updates Bug Bounty Program

Uber last week updated the legal terms of its bug bounty program and provided guidance for good faith vulnerability research. The changes come just months after the ride-sharing giant admitted paying a couple of individuals as part of an effort to cover up a massive security incident. Uber says it has addressed nearly 200 flaws for…

Vulnerabilities

Issued by: Help Net Security

Intel offers to pay for Spectre-like side channel vulnerabilities

Intel is expanding the bug bounty program it started last March, and is raising considerably the awards it plans to give out for helpful vulnerability information. Where information about critical vulnerabilities in Intel software, firmware and hardware could have previously been rewarded with up to $7,500, $10,000 and $30,000, respectively, now the bounties in those same categories…

Malware & Threats

Issued by: Security Week

Hackers Helped Pentagon Patch Thousands of Flaws

Bug bounty programs and a vulnerability disclosure policy have helped the U.S. Department of Defense patch thousands of security holes in its systems. Nearly one year after it announced its vulnerability disclosure policy, the Pentagon received 2,837 valid bug reports from roughly 650 white hat hackers located in 50 countries around the world, according to…

Network Security

Issued by: Security Week

Rockstar Games Launches Public Bug Bounty Program

Rockstar Games this week launched a public bug bounty program through HackerOne, after running it in private mode for more than nine months. On the program’s page, the company reveals that the minimum bounty for successful vulnerability submissions is $150, but that researchers can get higher rewards, depending on the severity and complexity of the…

Vulnerabilities

Issued by: Dark Reading

HackerOne Offers Free Service for Open Source Projects

Service aims to provide efficient security programs but projects must meet certain rules to qualify for it. HackerOne has announced free professional service for open-source projects aimed at providing support to project developers for running efficient and productive security programs. Called HackerOne Community Edition, this service will help open-source projects with “vulnerability submission, coordination, dupe…