The work of vulnerability research has changed a lot in the last two decades. In this episode, Security Ledger Podcast host Paul Roberts chats with the independent researcher known as “Sick Codes” about the growing risk of open source supply chain hacks, his method for bug hunting and what projects are in the pipeline for 2021.
Search Results for "bug bounty"
In this week’s episode (#112): top bug hunters can earn more than $1 million a year from “bounties” paid for information on exploitable software holes in common platforms and applications. What does it take to be among the best? We talk with Jason Haddix of the firm Bugcrowd to find out. Also: The Internet Society’s Jeff Wilbur talks about the new #GetIoTSmart campaign to educate device makers and the public about Internet of Things security.
In our latest podcast: the ride-sharing firm Uber finds itself on the wrong side of a Florida Man story after paying $100,000 in hush money to a man from The Sunshine State who stole information on 57 million Uber customers. We speak with Katie Moussouris about how the company’s actions could affect the future of the young vulnerability disclosure industry. Also: with Bitcoins trading for $16,000 each, Wandera researcher Dan Cuddeford joins us to talk about mobile crypto-jacking schemes that hijack mobile devices to mine cryptocurrencies. And we invite Alan Brill of the firm Kroll back to discuss recent House of Representatives hearings on the future of authentication in an age of rampant data sharing and data theft.
In-brief: the disclosure of a critical flaw in remote management software by Intel followed the company’s move, in March, to begin offering cash bounties for information about software vulnerabilities, an Intel spokesman confirmed.
In-brief: Security experts are divided on Fiat Chrysler’s new bug bounty program, with some decrying small dollar awards, while others argue the company may have moved far too quickly in offering cash rewards to begin with.