Tag: vulnerability disclosure

CISA Pushing U.S. Agencies to Adopt Vulnerability Disclosure Policies
Black Hat 2019, BUG BOUNTY

A newly proposed CISA directive would require all U.S. agencies to develop and implement vulnerability disclosure processes for their internet-connected systems.

Marc Rogers: Success of Anonymous Bug Submission Program ‘Takes A Village’
Black Hat 2019, bug

Marc Rogers discusses the logistics behind a recently-proposed anonymous bug submission program, meant to encourage ethical hackers to submit high-level bugs anonymously.

iPhone iOS 13 Lockscreen Bypass Flaw Exposes Contacts
Apple, Apple hack

Apple will not fix the glitch until the release of iOS 13.1 later in September.

Six Hackers Have Now Pocketed $1M From Bug Bounty Programs
$1 million, Black Hat 2019

Up to 25 percent of valid vulnerabilities found in bug bounty programs are classified as being of high or critical severity.

News Wrap: Linux Utility Backdoor, Steam Zero Day Disclosure Drama
backdoor, Black Hat 2019

From a backdoor placed in the Webmin utility to vulnerability disclosure drama around zero-days in Valve's Steam gaming clients, Threatpost breaks down this week's top ...

Researcher Discloses Second Steam Zero-Day After Valve Bug Bounty Ban
Black Hat 2019, disclosure

After Valve banned him from its bug bounty program, a researcher has found a second zero-day vulnerability affecting the Steam gaming client.

Apple Sues Corellium Over iOS ‘Replica’ Security Testing Software
Apple, apple lawsuit

The phone company has sued the startup for copyright infringement.

Apache Security Advisories Red Flag Wrong Versions in Patching Gaffe
Apache Software Foundation, Apache Struts

Up to 24 Apache Struts Security Advisories listed the wrong versions that were impacted by vulnerabilities, researchers warn.

Implementing Bug Bounty Programs: The Right and Wrong Approaches
bounty hunter, Bug Bounty program

Threatpost catches up with David Baker, the chief security officer at Bugcrowd, about the future of bug bounty programs.