We talk with Casey Ellis, founder and CTO of BugCrowd about how the market for software bugs has changed since the first bug bounty programs emerged nearly 20 years ago, and what’s hot in bug hunting in 2021.
Search Results for "bug bounty"
Episode 201: Bug Hunting with Sick Codes
The work of vulnerability research has changed a lot in the last two decades. In this episode, Security Ledger Podcast host Paul Roberts chats with the independent researcher known as “Sick Codes” about the growing risk of open source supply chain hacks, his method for bug hunting and what projects are in the pipeline for 2021.
Podcast Episode 112: what it takes to be a top bug hunter
In this week’s episode (#112): top bug hunters can earn more than $1 million a year from “bounties” paid for information on exploitable software holes in common platforms and applications. What does it take to be among the best? We talk with Jason Haddix of the firm Bug Crowd to find out. Also: The Internet Society’s Jeff Wilbur talks about the new #GetIoTSmart campaign to educate device makers and the public about Internet of Things security.
Podcast: will Uber’s Florida Man Problem chill Bug Bounties?
In our latest podcast: the ride sharing firm Uber finds itself on the wrong side of a Florida Man story after paying $100,000 in hush money to a man from The Sunshine State who stole information on 57 million Uber customers. We speak with Katie Moussouris about how the company’s actions could affect the future of the young vulnerability disclosure industry. Also: with BitCoins trading for $16,000 each, Wandera researcher Dan Cuddeford joins us to talk about mobile crypto-jacking schemes that hijack mobile devices to mine crypto currencies. And we invite Alan Brill of the firm Kroll back to discuss recent House of Representatives hearings on the future of authentication in an age of rampant data sharing and data theft.
Info on Intel Flaw Followed Offer of Cash Bounty
In-brief: the disclosure of a critical flaw in remote management software by Intel followed the company’s move, in March, to begin offering cash bounties for information about software vulnerabilities, an Intel spokesman confirmed.
