Hacker Conversations: Chris Evans, Hacker and CISO

July 1, 2024 at 12:24PM Chris Evans, CISO of HackerOne, challenges common perceptions of hackers. He defines a hacker as someone who creatively overcomes limitations and believes computer hacking is about improving life. He argues that most hackers naturally use their skills for good and emphasizes the positive impact of hacking on society. Evans also …

Adobe Adds Content Credentials and Firefly to Bug Bounty Program

May 1, 2024 at 11:21AM Adobe recently expanded its bug bounty program to include Content Credentials and Adobe Firefly, offering incentives for hackers to search for and report security defects. The program aims to reinforce the resilience of Adobe’s implementation against traditional risks and unique considerations and to test the resilience of AI models. Interested …

US Defense Dept received 50,000 vulnerability reports since 2016

March 19, 2024 at 05:15PM The U.S. Department of Defense Cyber Crime Center has processed its 50,000th vulnerability report from 5,635 researchers since 2016. DC3 launched its Vulnerability Disclosure Program following ‘Hack-the-Pentagon’ to engage ethical hackers continuously. VDP’s success includes discovering and mitigating 400 significant security flaws in a special 12-month program with Defense Counterintelligence …

Pentagon Received Over 50,000 Vulnerability Reports Since 2016

March 18, 2024 at 09:15AM The US Department of Defense has processed 50,000 reports through its vulnerability disclosure program, initiated after the success of the ‘Hack the Pentagon’ bug bounty program. Collaborating with platforms like HackerOne, Bugcrowd, and Synack, DoD expanded its bug bounty programs, saving an estimated $61 million and receiving over 45,000 vulnerability …

HackerOne paid ethical hackers over $300 million in bug bounties

October 28, 2023 at 02:18PM HackerOne, a bug bounty platform, has awarded over $300 million in rewards to ethical hackers since its inception. Thirty hackers have earned over $1 million, with one receiving $4 million for his bug reports. On average, it took organizations 25.5 days to resolve reported bugs this year, a 28% improvement. …

Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk

October 11, 2023 at 12:06PM Patches have been released for a critical memory corruption vulnerability in the cURL data transfer project. The flaw, tracked as CVE-2023-38545, affects the SOCKS5 proxy handshake process in cURL, allowing remote exploitation in certain configurations. The bug can lead to heap buffer overflow, and affected versions are 7.69.0 to 8.3.0. …