bounty

The Good, Bad and Ugly of Vulnerability Markets

In-brief: Markets for information on software vulnerabilities are good for security. But they can also raise moral and ethical quandaries, especially in an age of cyber physical risks, argues Cisco’s Marc Blackmer.

Auto Industry Publishes Best Practices for Cybersecurity

In-brief: An Automotive industry information sharing group has published Best Practices” document, giving individual automakers guidance on improving the cybersecurity of their vehicles.

Update- Zero to 60: Experts Divided on Wisdom of Fiat Chrysler’s Bounty

In-brief: Security experts are divided on Fiat Chrysler’s new bug bounty program, with some decrying small dollar awards, while others argue the company may have moved far too quickly in offering cash rewards to begin with.

Fiat Chrysler Launches Public Bug Bounty – But It’s Not All That

In-brief: Fiat Chrysler Automobiles (FCA) has unveiled a public “bounty” program that will pay security researchers up to $1,500 dollars for information on vulnerabilities in software used in conjunction with the company’s vehicles. Don’t get too excited. 

Report: Feds Mull Bug Bounty Contest for Medical Devices

In-brief: Following the success of the Hack the Pentagon bug bounty program, officials at the U.S. Department of Health and Human Services are considering launching a similar program aimed at medical devices and other healthcare systems.