Bug Bounties News, Articles and Updates

Ethical hackers can earn 16 times a software engineer's salary, report

A recent HackerOne survey found that some bug bounty hunters are earning more than 16 times what they would have earned as a software engineer in their own country.

Why companies should employ ethical hackers

Hiring a white hat hacker to find your system vulnerabilities and fix them before the bad guys find and exploit them is a recommended method of strengthening defences, says Krishna Rungta.

Google Play bug bounty programme aims to make Android apps safer

If the Google Play Security Reward Programme doesn't seem like a typical bug bounty programme, that's because it isn't.

Zerodium offers up $1 million bounties for Tor zero day

Zero-day-acquisition firm Zerodium reported it will pay a total of US$1 million (£740,000) for zero-day exploits found for the Tor browser on Tails Linux and Windows.

Russian hacker extorts gambling company after cracking poker machines

A Russian mathematician and programmer attempted to extort £10 million or more from an Australian gambling company after cracking the spin sequence on several of the firm's poker machines.

Office 365 bug bounty maximum prize $30,000 until May 1st

The Microsoft Online Services Bug Bounty programme has doubled the maximum payment for vulnerabilities found on the company's Microsoft Office 365 Portal and Microsoft Exchange Online.

Vulnerabilities in Slack could have led to account hijacking

Persistence pays off as security researcher nets bug bounty for unearthing an access control bypass allowing attackers to reset passwords if they know the usernames.

To pay or not to pay...

Andrew Tang explores the contentious issue of paying bug bounties when software flaws are discovered.

Bug hunter finds backdoor in Facebook left by another bug hunter

A series of bug bountiers have apparently opened and closed a vulnerability in the social media giant, Facebook.

The 15 most successful ethical hackers worldwide

Not all hackers are evil; some of them do fight to keep the internet safe. Most of the good guys do it for the bounties offered by major brands and net companies.

Malwarebytes says sorry for multiple AV bugs, still unpatched

Malwarebytes' CEO has apologised, and launched a bug bounty scheme, after Google Project Zero researchers exposed the latest in a long line of anti-virus product flaws.

Can bug bounties replace traditional web security?

Bug bounties may appear to be an attractive way to crowd-source security testers and only pay on results, but there may be serious pitfalls for your organisation's cyber-security, says Ilia Kolochenko.