Can bug bounty programs be designed to protect consumer privacy and how do programs balance white hat disclosure versus companies sitting on vulnerabilities until they are fixed?
Google awarded a hefty $10,000 bounty to a high school student last week for uncovering a bug that could have let anyone access an internal Google website.
Security researcher Dino Dai Zovi talks about a new company he cofounded called Capsule8 that will help IT organizations counter threats to Linux infrastructures.
The U.S. Army released the results of its Hack the Army bug bounty, and said that close to $100,000 was paid out, and 118 unique and actionable vulnerabilities were reported.
Results of a NTIA survey published today show that researchers prefer open communication with vendors over financial compensation when it comes to vulnerability disclosure.