Ubergizmo: Hyatt Hotels Launches Its Own Bug Bounty Program. “It’s common for tech companies to have a bug bounty program. That allows them to tap into the incredible talents of whitehat hackers who disclose vulnerabilities in their systems in exchange for a reward. Hyatt Hotels isn’t a tech company, it’s a major hospitality chain. However, in light of the recent card-skimming attacks against its properties, the hotel chain has launched its own bug bounty program.” Considering how many hotels and hospitality businesses get hacked, I think this is a great idea.
Julia Reda: In January, the EU starts running Bug Bounties on Free and Open Source Software. “In January the European Commission is launching 14 out of a total of 15 bug bounties on Free Software projects that the EU institutions rely on. A bug bounty is a prize for people who actively search for security issues. The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software.”
eWeek: Facebook Boosts Bug Bounty Payouts for Account Takeover Flaws. “In an effort to improve user account security and mitigate hijacking threats, Facebook announced on Nov. 20 that it is increasing the awards it pays out to security researchers for responsibly disclosing flaws. The increases come via Facebook’s bug bounty program, which provides financial rewards for researchers who report issues to the social networking giant.”
TechCrunch: Facebook expands bug bounty program to include third-party apps and websites. “Facebook announced this morning it’s expanding its bug bounty program – which pays researchers who find security vulnerabilities within its platform – to now include issues found in third-party apps and websites. Specifically, Facebook says it will reward valid reports of vulnerabilities that relate to the improper exposure of Facebook user access tokens.”
MIT Technology Review: Crowdsourcing the hunt for software bugs is a booming business—and a risky one. “This cybersecurity gig economy has expanded to hundreds of thousands of hackers, many of whom have had some experience in the IT security industry. Some still have jobs and hunt bugs in their spare time, while others make a living from freelancing. They are playing an essential role in helping to make code more secure at a time when attacks are rapidly increasing and the cost of maintaining dedicated internal security teams is skyrocketing.”
CNET: HP will pay hackers up to $10,000 to break its printers. “HP isn’t asking people to smash its printers to pieces, but the company is willing to pay people to break its software apart. On Tuesday, HP announced its first bug bounty program that specifically targets its printers, offering as much as $10,000 to hackers who can find vulnerabilities on its machines.”
eWeek: Critical Bug Bounty Reports on the Rise, HackerOne Finds. “HackerOne released its 2018 Hacker-Powered Security Report on July 11, providing insights into the current state of the bug bounty marketplace. The report is based on 78,275 security vulnerability reports that HackerOne received on its managed bug bounty platform, which handles programs for more than 1,000 organizations.”