A draft document lays out its criteria for addressing various flaws and notes the exceptions.

Threatpost talks to Christie Terrill of Bishop Fox about the pros and cons of using bug bounty programs versus penetration testing for companies.

Uber is tightening policies around its bug bounty program after a 2016 data breach exposed deep flaws in its policies around handling extortion.

The U.S. Department of Defense is the latest government entity to double down on vulnerabilities, on Monday announcing a new bug bounty program.

Facebook announced that in the coming weeks it will expand its bug bounty program as the company cracks down on data misuse by app developers.

Netflix opens up bug bounty program to all white hat hackers and ups the ante for bugs to as much as $15,000.

A researcher with the Twitter handle ‘Siguza’ published details of a macOS local privilege escalation vulnerability dating back to 2002 that could give an attacker root access to systems.

MedSec CEO Justine Bone said shorting companies to profit off discovered vulnerabilities is a viable business model for the security community.

Microsoft said Wednesday it would extend its Edge bug bounty program indefinitely.

Mike Mimoso and Chris Brook recap the news of the week, including the EternalRocks worm, the latest on WannaCry, a subtitle hack, and a Twitter flaw.