HackerOne released a free model that assesses an organization’s readiness to accept outside vulnerability reports.
The commenting period regarding the Wassenaar Arrangement expired on Monday but the echo chamber around the largely maligned proposal continues to reverberate.
Bug bounties and rewards programs provide researchers with a measure of income, and if the proposed Wassenaar rules are implemented in the U.S., that initiatives could be adversely impacted.
The Commerce Department’s Bureau of Industry and Security today made public its proposal to implement the controversial Wassenaar Arrangement.
Adobe launched its first vulnerability disclosure program this week. It will use the HackerOne platform and will not pay out bounties, instead researchers can bulk up their HackerOne reputation scores. Only vulnerabilities in Adobe web applications or web-based services are in scope.
In this video from last week’s Security Analyst Summit, HackerOne’s Katie Moussouris explains the main thing companies that want to start a bounty program or vulnerability incentive program need to know: There is no one size fits all.
At the Security Analyst Summit, Katie Moussouris encouraged enterprises to build bug bounty programs that feed a software development lifecycle.
Panelists at the Advanced Cyber Security Center annual conference discuss how readiness for the next Internet-scale bug is no longer a luxury.