HackerOne’s 2018 Hacker-Powered Security Report showed that the average award for critical vulnerabilities has increased.

The U.S. Department of Defense is the latest government entity to double down on vulnerabilities, on Monday announcing a new bug bounty program.

HackerOne released its first report on its bug bounty program, and reveals an industry shift toward enlisting hackers for better cybersecurity.

Senators introduced a bill last week to establish a bug bounty pilot program within the Department of Homeland Security.

Katie Moussouris on how bug bounty programs have gone mainstream, the success of Hack the Pentagon and Hack the Army, and where things stand with the Wassenaar Arrangement.

The U.S. Army released the results of its Hack the Army bug bounty, and said that close to $100,000 was paid out, and 118 unique and actionable vulnerabilities were reported.

In the wake of the Pentagon and Army bug bounties, the government continues to engage researchers with the publication of the DoD’s vulnerability disclosure program.

The government announced its second bug bounty program called Hack the Army, which will concentrate on finding bugs in recruiting websites and databases.

Ask David Dworken when he was in tenth grade what a cross-site scripting vulnerability is and you might get a strange look from the Alexandria, Va., teen. Fast forward two years and pose the same question Dworken and you’ll get a well-versed answer from the now white hat hacker and recent high school graduate. Dworken...

Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributor is Katie Moussouris @k8em0.  Today marks an exciting development in the often monotonous rehashing of vulnerability disclosure. The ISO standard that began about 11 years ago with the emotionally loaded title “Responsible Vulnerability Disclosure,”...