Why Ethics Matter in Bug Bounties

In 2017 we saw more data breaches, phishing scams, ransomware, state-sponsored attacks than ever before. And while each one was damaging in their own right and continue to shape cybersecurity, one breach in particular stood out: the Uber breach. Not necessarily for the impact or the type of breach, but for what happened afterwards. For

By Bug Bounty ManagementCybersecurity News
NIST: Vulnerability Disclosure as a Requirement for Every Organization

Earlier this month, the National Institute of Standard and Technology’s (NIST) cybersecurity framework released a revision (1.1, Draft 2) of its Framework for Improving Critical Infrastructure Cybersecurity. The new release now includes vulnerability disclosure processes as part of the Framework Core (on page 43). This revision contains an important addition, the result of an industry effort. Last

By Cybersecurity NewsVulnerability Disclosure
Why More Government Agencies Need Bug Bounty and Vulnerability Disclosure Programs

If you’re reading this article, statistically speaking your organization might be getting hacked. Data breaches of U.S. government networks, once novel, have become pervasive over the past year. Take it from the Office of Personnel Management (OPM) or the IRS – no one is safe anymore. In private sector, the Equifax hack and Intel’s processor vulnerabilities have hit mainstream media by storm. The

By Bug Bounty ManagementCybersecurity NewsVulnerability Disclosure
Spectre & Meltdown: Quick Fact Sheet

Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, Google’s Project Zero has provided exploits that work against real

By Cybersecurity News
MacOS High Sierra: Getting to the Root of the Problem

What we know so far Earlier today it was publicly disclosed that Apple’s MacOS High Sierra contains a trivially-exploitable flaw, which allows malicious individuals to generate a persistent root access account to your system. It is not readily apparent whether or not this vulnerability is remotely exploitable, but out an of abundance of caution there

By Cybersecurity News