Facebook quickly resolved a vulnerability in its Business Manager late last month that could have let an attacker take over any Facebook page.
One of the ways we proactively improve our security is through participation in the AVG bug bounty program on Bugcrowd. We have recently reviewed the rewards offered as part of this program and now offer up to USD$1,000 per bug.
We appreciate and reward the efforts of security researchers who, within the strict terms of the bounty program, are able to responsibly disclose vulnerabilities found in our nominated PC-based client-side applications.
If you have skills and experience reverse engineering binary code, or you like breaking AntiVirus engines in your spare time, then this could be the stimulating and rewarding challenge you’ve been looking for.
Bugcrowd is a great community of like-minded security geeks who get to pentest, hack and crack great companies like AVG, Fitbit, Dropbox and even Tesla Motors – all in the name of responsible disclosure for rewards and kudos!
We look forward to seeing what juicy vulnerabilities you’ll uncover, and in return get rewarded for helping us keep over 200 million friends safe and secure.
Get cracking! And until next time, stay safe out there.
For AVG, helping to keep our 200 million users safe online isn’t just a question of reacting to threats as and when they appear. Instead, our security is built on a foundation of deliberate, pre-emptive action in order to keep their data and identity safe.
One way to be proactive is through a bug bounty program, which offers rewards to researchers that legally find and responsibly disclose vulnerabilities. By safely identifying and fixing vulnerabilities before attackers discover them, bug bounty programs help make software and websites more secure.
This extra security is one of the reasons I’m pleased to share that AVG has started a bug bounty program on Bugcrowd. Bugcrowd gives AVG the opportunity to have a well-established and respected community review its PC security products. This proactive approach to the security of our software will give our more than 200 million active users even more peace of mind and protection.
By starting a bug bounty program, AVG joins other companies like Google, Microsoft, Facebook and Apple taking that extra step to secure its users.
How can you get involved?
If you think you’ve got what it takes to become a bug bounty hunter, you can see all the technical details here on AVG’s bug bounty page at Bugcrowd.
Bug bounties and rewards programs provide researchers with a measure of income, and if the proposed Wassenaar rules are implemented in the U.S., those initiatives could be adversely impacted.
Pinterest announced this week that it would begin paying cash rewards through its bug bounty program, and said that its move to HTTPS paved the way.
Adobe launched its first vulnerability disclosure program this week. It will use the HackerOne platform and will not pay out bounties; instead, researchers can bulk up their HackerOne reputation scores. Only vulnerabilities in Adobe web applications or web-based services are in scope.
At the Security Analyst Summit, Katie Moussouris encouraged enterprises to build bug bounty programs that feed a software development lifecycle.
Drupal released an update that patches a moderately critical cross-site scripting vulnerability in its Mollom content and spam moderation module.