For a long time, Yelp.com has been one of the Internet’s most-frequented resources for crowd-sourced local business, restaurant and hospitality reviews and tips. Starting today, the door will be open to researchers and bug-hunters who are invited to participate in Yelp’s public bug bounty. The company has, for two years, participated in a private bounty...

LAS VEGAS – Kaspersky Lab today at Black Hat USA 2016 announced the launch of a public bug bounty, one of the few offered by a software vendor in the computer security industry. The bounty begins tomorrow on the HackerOne platform, and the first phase will run for six months. The company said that during...

Ask David Dworken when he was in tenth grade what a cross-site scripting vulnerability is and you might get a strange look from the Alexandria, Va., teen. Fast forward two years and pose the same question Dworken and you’ll get a well-versed answer from the now white hat hacker and recent high school graduate. Dworken...

Microsoft is accelerating the fumigation of bugs on its soon-to-be released Windows Server 2016 operating system. Last week, Microsoft announced a new bug bounty program running from April 29, through July 29, 2016 – with up to $15,000 in rewards for each qualifying bug. Microsoft’s expansion of its 3-year-old program now includes its Nano Server,...

MIAMI—Lisa Wiswell’s phone rang off the hook last summer in the throes of the OPM hack. But she wasn’t just answering questions from those whose security clearance and personal data disappeared into the Chinese ether; there were also hackers on the other end of the line offering their help. Wiswell, digital service lead with the...

The Department of Defense announced today that registration for its Hack the Pentagon bug bounty trial program is open, and that the program will be run on the HackerOne platform. The trial of the government’s first bug bounty program will run April 18 to May 12. The DoD said only certain public-facing websites will be...

Uber’s bug bounty program emerged from private beta mode yesterday, which it used as a feedback forum for participants in order to develop the public program. “This was pretty unique in its approach,” said HackerOne CTO Alex Rice. Uber’s program is built on the HackerOne platform, and Uber announced that the program’s biggest payouts for...

Threatpost editor Mike Mimoso talks to HackerOne chief policy officer Katie Moussouris about the U.S. implementation of the Wassenaar Arrangement rules and where things stand close to seven months after the initial draft was pulled off the table for a rewrite. [embedded content]

It’s been months since the U.S. Commerce Department’s Bureau of Industry and Security pulled the U.S. implementation of the Wassenaar Arrangement off the table for an unusual rewrite of the rules governing so-called intrusion software. The overly broad rule drew the ire of security and privacy experts because its vague language would put a serious...

A critical vulnerability in Yahoo Mail that could give attackers complete control of an account was patched two weeks ago. The flaw was privately disclosed Dec. 26 by Finnish researcher Jouko Pynnonen and patched Jan. 6. Pynnonen earned himself a $10,000 bounty, one of the highest paid out by Yahoo through its HackerOne program. Pynnonen...