The U.S. Army released the results of its Hack the Army bug bounty, and said that close to $100,000 was paid out, and 118 unique and actionable vulnerabilities were reported.
Ransomware, insecure connected devices, bug bounties and governments buying bugs: All four ceased to be novelties in 2016; they’re all new normals for cybersecurity.
Finnish security researcher Jouko Pynnonen found a second stored cross-site scripting vulnerability in Yahoo Mail in less than a year, both of which earned him $10,000 bug bounties.
In the wake of the Pentagon and Army bug bounties, the government continues to engage researchers with the publication of the DoD’s vulnerability disclosure program.
Qualcomm and HackerOne are partnering for a bug bounty program that pays out up to $15,000 for vulnerabilities found in chipsets used in smartphones made by Samsung, LG and HTC.
The government announced its second bug bounty program called Hack the Army, which will concentrate on finding bugs in recruiting websites and databases.
Developers with GitLab fixed a critical vulnerability in the open source repository manager that could have allowed the theft of application files, tokens, or secrets.