Facebook's 2017 Bug Bounty programme paid out US$880,000 (£638,000) to more than 100 researchers and will update its Thanks page in 2018 to reflect dollar amount and submission validity, among other items.
The US Defence Department's vulnerability disclosure programme (VDP) has yielded 2,837 security flaws in the nearly one year since its inception.
Security researcher earns bug bounty after discovering he can steal Slack tokens by hijacking WebSocket connections through unvalidated functions.
Researcher gets $40,000 bounty for finding exploit that could have allowed an attacker to exploit ImageMagick to gain control of a Facebook server.
Portuguese pen testing team discover 14 flaws in Uber apps which would have enabled them to get free rides and disclose details of passengers' and drivers' journeys.
A hacker calling himself Revolver yesterday advertised on Twitter that he was selling access to Pornhub servers for $1,000 after discovering an exploit, but the pornography video sharing website is disputing the veracity of this hack.
Pornhub is offering white hats between $50 (£35) and $25,000 (£17,300) for reporting qualifying vulnerabilities.
Israel-based cyber-threat specialist Cyberint insists it has found a serious flaw in Google security despite the tech giant's denials that email injection can bypass security filters.
Bug hunters get rewarded for finding vulnerabilities in cloud storage service
The bug bounty broker Zerodium has offered big bucks to whoever can crack Flash's recent heap isolation security update.
A bug bounty programme will be launched later this year by the Tor Project to help steer security researchers to report issues that they find in software in a responsible manner.
Wesley Wineberg claimed to have discovered a million dollar bug in Facebook but the social media company has objected to the intrusive nature of his investigation and threatened to sue him.
ICYMI: Madison extortion, Cyber-sec challenge, United bug-bounty, French intelligence, and Anonymous/ISIS spat
The latest In Case You Missed It (ICYMI) looks at suspected Madison extortionists, Cyber-Sec challenge finals, bug-bounty criticism, French intelligence & Anonymous' ISIS Twitter battle.
Security researcher claims United Airlines sat on serious bug for five months which would have allowed an attacker to access customers' flight details and even cancel flights.
Is the idea of putting a cash bounty on hackers an effective way to disrupt or stop DDoS attacks, or a vigilante action that takes time and money from the business of protecting networks?
We ask industry experts, when life and limb are at risk, is responsible disclosure of vulnerabilities enough? Or should there be mandated disclosure?
Researchers reveal zero-day vulnerabilities in FireEye and Kaspersky's security software during the US Labor Day holiday weekend.
Stored XSS vulnerabilities exposed payments page and opened PayPal users to malicious file attacks, say researchers.
OS X flaw is exposed by teenage Italian security researcher without warning Apple - reigniting the debate about 'irresponsible' bug disclosure.
Oracle CSO Mary Ann Davidson penned a blog post on Monday and warned researchers they would receive a legal letter if they continued to reverse engineer the company's code.
Bonanza for bug hunters? After Windows 10, it's time to clean up
Yahoo's Interim CEO Ramses Martinez detailed the company's bug bounty programme's successes since its creation in 2013.
ICYMI: Lot airline DDoS attack; Samsung keyboard vulnerability, poor VoIP server security; LinkedIn bug bounty programme, Verify programme has severe privacy/security problems.
LinkedIn's director of information security confirms that its private bug bounty programme was formalised in October.