How a White-Hat Hacker Once Gained Control of Tesla’s Entire Fleet

“A few years ago, a hacker managed to exploit vulnerabilities in Tesla’s servers to gain access and control over the automaker’s entire fleet,” remembers Electrek (in a story shared by long-time Slashdot reader AmiMoJo). Tesla enthusiast Jason Hughes had already received a $5,000 bug bounty for reporting a vulnerability, but “knowing that their network wasn’t the most secure, to say the…

Microsoft Goes Big in Security Bug Bounties: Its $13.7m is Double Google’s 2019 Payouts

Microsoft has revealed it has awarded security researchers $13.7m for reporting bugs in Microsoft software since July last year. From a report: Microsoft’s bug bounties are one of the largest sources of financial awards for researchers probing software for flaws and, importantly, reporting them to the relevant vendor rather than selling them to cybercriminals via underground markets or exploit brokers who…

Firefox Raises Its Bug Bounties to $10,000

“We’re updating our bug bounty policy and payouts to make it more appealing to researchers and reflect the more hardened security stance we adopted after moving to a multi-process, sandboxed architecture,” reports the Mozilla security blog:
Besides rewarding duplicate submissions, we’re clarifying our payout criteria and raising the payouts for higher impact bugs. Now, sandbox escapes and related bugs will be eligible…

AI Researchers Propose ‘Bias Bounties’ To Put Ethics Principles Into Practice

Researchers from Google Brain, Intel, OpenAI, and top research labs in the U.S. and Europe joined forces this week to release what the group calls a toolbox for turning AI ethics principles into practice. From a report: The kit for organizations creating AI models includes the idea of paying developers for finding bias in AI, akin to the bug bounties offered…

How Should Students Respond To Their School’s Surveillance Systems?

Hundreds of thousands of American students are being tracked by their colleges to monitor attendance, analyze behavior and assess their mental health, the Washington Post reported this week. That article has now provoked some responses… Jay Balan, chief security researcher at Bitdefender, told Gizmodo that the makers of the student-tracking apps should at least offer bug bounties and disclose their source…

Security Researchers Exploit Amazon Echo’s Chromium Bug, Win $60,000 Bounty

An anonymous reader quotes TechCrunch: Two security researchers have been crowned the top hackers in this year’s Pwn2Own hacking contest after developing and testing several high-profile exploits, including an attack against an Amazon Echo. Amat Cama and Richard Zhu, who make up Team Fluoroacetate, scored $60,000 in bug bounties for their integer overflow exploit against the latest Amazon Echo Show…