The Register: Git money, git paid: GitHub waves larger wads of dollar bills to tempt bug hunters. “Social code storage biz GitHub, now a ward of Microsoft, on Tuesday divulged plans to make itself more attractive to hackers by flashing larger sums of cash and offering better indemnity.”
Mashable: FaceTime bug teenager is eligible for bug bounty payout. “The rather serious FaceTime bug widely reported about last week left Apple a little red-faced and one 14-year-old (and his mother) hoping Apple would give him some credit for discovering it. Now it looks like he’s going to get a big payout from Apple’s bug bounty program.”
Ubergizmo: Hyatt Hotels Launches Its Own Bug Bounty Program. “It’s common for tech companies to have a bug bounty program. That allows them to tap into the incredible talents of whitehat hackers who disclose vulnerabilities in their systems in exchange for a reward. Hyatt Hotels isn’t a tech company, it’s a major hospitality chain. However, in light of the recent card-skimming attacks against its properties, the hotel chain has launched its own bug bounty program.” Considering how many hotels and hospitality businesses get hacked, I think this is a great idea.
Julia Reda: In January, the EU starts running Bug Bounties on Free and Open Source Software. “In January the European Commission is launching 14 out of a total of 15 bug bounties on Free Software projects that the EU institutions rely on. A bug bounty is a prize for people who actively search for security issues. The amount of the bounty depends on the severity of the issue uncovered and the relative importance of the software.”
eWeek: Facebook Boosts Bug Bounty Payouts for Account Takeover Flaws. “In an effort to improve user account security and mitigate hijacking threats, Facebook announced on Nov. 20 that it is increasing the awards it pays out to security researchers for responsibly disclosing flaws. The increases come via Facebook’s bug bounty program, which provides financial rewards for researchers who report issues to the social networking giant.”
TechCrunch: Facebook expands bug bounty program to include third-party apps and websites. “Facebook announced this morning it’s expanding its bug bounty program – which pays researchers who find security vulnerabilities within its platform – to now include issues found in third-party apps and websites. Specifically, Facebook says it will reward valid reports of vulnerabilities that relate to the improper exposure of Facebook user access tokens.”
MIT Technology Review: Crowdsourcing the hunt for software bugs is a booming business—and a risky one. “This cybersecurity gig economy has expanded to hundreds of thousands of hackers, many of whom have had some experience in the IT security industry. Some still have jobs and hunt bugs in their spare time, while others make a living from freelancing. They are playing an essential role in helping to make code more secure at a time when attacks are rapidly increasing and the cost of maintaining dedicated internal security teams is skyrocketing.”