Newsmaker Interview: Katie Moussouris on Improving Bug Bounty Programs
The bug bounty “queen” Katie Moussouris discusses the biggest mistakes that companies launching these programs are making.
Vulnerability Disclosure
Threatpost News Wrap Podcast For Sept. 7
The Threatpost team breaks down the biggest news from the week ended Sept. 7.
ThreatList: Bug Bounty Payouts Increase Six Percent for Critical Vulnerabilities
HackerOne’s 2018 Hacker-Powered Security Report showed that the average award for critical vulnerabilities has increased.
Microsoft released 18 security bulletins, eight rated critical. The company also patched publicly disclosed vulnerabilities that surfaced since last month’s postponement of Patch Tuesday.
By making the Vulnerability Equities Process law, advocates of the idea argue there would be more reliability, transparency and accountability in the process of government vulnerability disclosure.
Results of a NTIA survey published today show that researchers prefer open communication with vendors over financial compensation when it comes to vulnerability disclosure.
In the wake of the Pentagon and Army bug bounties, the government continues to engage researchers with the publication of the DoD’s vulnerability disclosure program.
The security community often thrives on controversy, but when it comes to vulnerability disclosures in life-saving medical devices, ego and attention-grabbing must be put aside.
Google today disclosed the existence of a Windows zero-day vulnerability under attack. The flaw was reported to Microsoft 10 days ago; Microsoft says the disclosure puts users at risk.
Security and policy experts make another call for additional transparency around the government’s Vulnerabilities Equities Process and the zero days it has in its possession.
