disclosure

Department of Defense Sets Ground Rules for Hackers

In-brief: The U.S. Department of Defense published guidelines on Monday for independent security researchers to disclose vulnerabilities in DoD’s public facing systems. The program, managed by the firm HackerOne, provides a legal route for hackers to disclose vulnerabilities to the military.

Researcher Warns of Holes In Smart Thermostats

In-brief: A researcher from the firm Trustwave warns that Trane ComfortLink smart thermostats suffer from a string of security woes, including hard coded administrator credentials. 

Apple Falls In Line: Offers Bounties Up To $200K For iOS, iCloud

In-brief: Apple announced on Thursday that a new bug bounty program would pay researchers up to $200,000 for information on flaws in its iOS mobile operating system and iCloud service, joining the ranks of technology firms that offer cash for information on software vulnerabilities. 

The Good, Bad and Ugly of Vulnerability Markets

In-brief: Markets for information on software vulnerabilities are good for security. But they can also raise moral and ethical quandaries, especially in an age of cyber physical risks, argues Cisco’s Marc Blackmer.

Update- Zero to 60: Experts Divided on Wisdom of Fiat Chrysler’s Bounty

In-brief: Security experts are divided on Fiat Chrysler’s new bug bounty program, with some decrying small dollar awards, while others argue the company may have moved far too quickly in offering cash rewards to begin with.