bug hunting Archives - Cyber Security Minute

Microsoft Publishes Office Symbols to Improve Bug Hunting

Issued by: Security Week

Symbols are pieces of information used during debugging, and are contained within Symbol files, which are created by the compiler during application build. Some of these symbols are called ‘public symbols’. They contain basic information, such as function names and global variables, and are used in all forms of debugging. Symbol files that contain only…

Vulnerabilities

Vulnerabilities Found by Google Researchers in 2021 Got Patched on Average in 52 Days

Issued by: Security Week

Between 2019 and 2021, the team reported a total of 376 vulnerabilities and saw most of them (351) get patched. Of the remaining flaws, 14 are marked “WontFix” by the vendor and 11 remain unfixed. Per Google Project Zero’s policy, vendors have 90 days to address the security errors, but they can also request a…

Vulnerabilities

How much is a vulnerability worth?

Issued by: Help Net Security

As part of its crowdsourced security program, Zoom has recently increased the maximum payout for vulnerabilities to $50,000. Such figures make great headlines and attract new talent in search of the big bucks, but here is a question that begs to be answered: how much is a vulnerability worth? I have previously found several bugs…

Malware & Threats

7 steps to start a bug bounty program

Issued by: CSO

Vulnerability assessment and identification strategies have evolved to include the concept of crowd sourced security testing through bug bounty programs. While bug bounty programs have been used for over 20 years, widespread adoption by enterprise organizations has just begun to take off within the last few. The bug bounty path, paved by tech giants, is…