In-brief: The U.S. Department of Defense published guidelines on Monday for independent security researchers to disclose vulnerabilities in DoD’s public-facing systems. The program, managed by the firm HackerOne, provides a legal route for hackers to disclose vulnerabilities to the military.
In-brief: A researcher from the firm Trustwave warns that Trane ComfortLink smart thermostats suffer from a string of security woes, including hard-coded administrator credentials.
In-brief: Apple announced on Thursday that a new bug bounty program would pay researchers up to $200,000 for information on flaws in its iOS mobile operating system and iCloud service, joining the ranks of technology firms that offer cash for information on software vulnerabilities.
In-brief: Markets for information on software vulnerabilities are good for security. But they can also raise moral and ethical quandaries, especially in an age of cyber-physical risks, argues Cisco’s Marc Blackmer.
In-brief: Security experts are divided on Fiat Chrysler’s new bug bounty program, with some decrying small-dollar awards, while others argue the company may have moved far too quickly in offering cash rewards to begin with.